My User Experience Porting Off Setup.py (opens in new tab)

(gregoryszorc.com)

150 pointsmarkdog122y ago89 comments

89 comments

69 comments · 17 top-level

Taikonerd2y ago· 16 in thread

Packages have always been Python's Achilles heel. Python's philosophy for code is, "there should be one, and preferably only one, obvious way to do it." But for packaging systems, their philosophy is more like Perl: "there's more than one way to do it (and all of them have their own pitfalls)."

I don't understand why the Python leadership hasn't shown stronger... leadership... in which tools they recommend.

stabbles2y ago

Python's situation is pathetic. Some Python folks wanted to get rid of the builtin module `distutils`. Got deprecated, and now it's finally removed in Python 3.12. That's a breaking change in a minor release, probably because they're too afraid to do a Python 4 release after the 2->3 debacle. Then they publish a migration guide only as part of the 3.12 release, which is too little too late, cause the majority of the projects hasn't moved away from `distutils` yet. There's a lot of unclarity like "you can just install setuptools, it replaces distutils" (setuptools has a startup script that hacks the search paths so you can still run `import distutils` and get their vendored copy of it). Except nobody knows whether to add a conditional dependency on setuptools then. Why on earth do you have to depend on another package to get a vendored copy of distutils? And a fraction of the projects doesn't care and makes it a user problem: just install setuptools yourself as a system / user site-package, then everything works. (Except it doesn't when setuptools is in PYTHONPATH cause the startup script doesn't run, which happens on nix and other prefix-based package managers). At the end of the day, every Python package has their own ugly solution.

All that could have been prevented by the Python folks who insisted on deprecating a builtin module. They could have jumped in and help migrate the popular Python packages away from distutils long ago, to set an example. But nope, they really like to keep things messy.

guappa2y ago

You think that's the only module they dropped?

They took away cgi… which I was of course using.

And crypt.

They don't care about breaking things. People would not migrate to python4 so they just break everything in python3 :D

1 more reply

MrJohz2y ago

My impression is that there's lots of different niches that have developed, each with their own needs, and trying to unify them is a mess.

If you're putting something like a web app or something else that will be bundled and distributed as a unit, then you're probably best off with something like Poetry, PDM, or pip-tools - you have a lock file for deterministic dependencies, most of your dependencies will be pure python wheels, and you only really need to test things once. On the other hand, if you're developing a library, you'll need to test against multiple versions of Python, and ideally multiple versions of some of your larger dependencies, to ensure that your library will work for as many users as possible. You'll also need to be able to build and package wheels. Alternatively, you're working in data science, and your main concern is probably making sure you can install the packages you need in the environments you're going to use them - specifically, so that they work with the GPUs and other hardware you have available. And there's still the group of people writing mainly scripts for server maintenance or other tasks, who want to be able to easily install dependencies and keep those dependencies up to date for security reasons, with the minimum number of breaking changes.

Right now, there are different tools, packaging systems, etc catering to each of these groups, and so building the One Ring of Python package management is going to involve (a) solving all of these problems, and (b) convincing all these groups of people that your general solution is better than their niche-specific solution. That's certainly not easy, I don't even know if it's all that possible.

I do think that working from the ground up (i.e building the individual components like the package metadata file, or the pypackages folder experiment) seems to be working well, in that tools seem to be coalescing around these options and finding the best ways to use them, which is all work that might hopefully feed into new official tooling. But we'll see.

wiredfool2y ago

As I see it, there is a hierarchy of packaging needs, the base levels have been solved over and over with new, better, shiny all you need tools -- while the most tricky, complicated part has been solved over and over separately with each project.

  * Pure python -- Easy, use one of the declarative ones. 
  * Python + Standalone C -- not too bad, use the build tool.
  * Python + external (potentially distro supplied) C libraries -- Using setup.py, customized,  and different for each project.

That last one is where Pillow, the ML space, scipy, and others live, and it's painful. Pillow has a 1000 line setup.py file to find all the optional (and 2 required) dependencies and headers on it's platforms. We've also got code to build the dependencies if necessary for packaging. To port this to some standard, we'd effectively need rpm or dpkg style build infra from PyPa, to work on all the supported platforms.

2 more replies

golergka2y ago

> you're working in data science, and your main concern is probably making sure you can install the packages you need in the environments you're going to use them

Honest question from a web developer who sometimes has to work with Python — don't containers solve exactly this?

3 more replies

tracnar2y ago

It seems to stem from the Python packaging story being driven by PyPA, rather than the Python foundation, which appears reluctant to pick a packaging solution and ship it with CPython. setuptools was kind of an in-between, it was included in CPython but in many cases you have to update it or add plugins...

eddyg2y ago

I’m thinking https://astral.sh/ are going to be the ones to “solve” this.

ri0t2y ago

Packaging and linting are two very different topics. Just because someone does A very well, doesn't mean they have any clue about B.

epicureanideal2y ago

Astral and Ruff look great, but what is their monetization strategy, and how do their interests intersect with the interests of the developer community in the long term?

preciousoo2y ago

Unsure if slick promo or not, but that review by tiangolo instantly piqued my interest

claytonjy2y ago

By joining forces with Pyflow, or a different tool, or making yet another one?

enthus1ast2y ago

Packaging was the reason I left python (in favor of Nim) roughly 10 years ago.

nor-and-or-not2y ago

The funny thing in context to this is that Perl has rock solid package management and distribution since like forever (CPAN).

ok1234562y ago

If the code hasn't had any updates in 15 years, it's easy to be rock solid.

ximm2y ago

I believe PEP 517 was how the Python leadership wanted to improve the situation. Unfortunately it backfired hard. It broke the existing systems and further fractured the ecosystem.

gonzo412y ago

Python leadership did the python 2->3 adventure. So.....

But yeah, I agree. This is something that golang nails. They supply all the options out of the box.

_dain_2y ago· 12 in thread

A friend of mine had a critique of videogames that has stuck with me. He called them "antiknowledge". Your brain's learning faculties are repurposed into "learning" something that isn't actually a thing. You get really good at some artificial skinner box treadmill system ... and then they change the meta and you have to keep up with the new stats and strategies and so on. Yet after sinking in hundreds of hours, you don't come out the other end with any tangible real-life skill, that would be useful outside of the game.

That's what Python packaging feels like. At least videogames are fun.

Pannoniae2y ago

Not all of them! Many of those skinnerbox type games actually have a pretty mediocre or outright unfun game loop - it's the skins, battle passes and "rewards" which keep people playing.

golergka2y ago

A lot of videogames have you learning antiknowledge, but at the same time very useful meta skills. Build orders in Starcraft won't help you in your office job, but a habit of working out complicated tradeoffs, feeling out your opponent and having a feel of un-intuitive consequences will.

wzdd2y ago

> you don't come out the other end with any tangible real-life skill, that would be useful outside of the game.

Replace "the game" with "the small sphere of specialisation" and this applies to learning a great many things which don't generalise, many of which don't make you money either.

Your friend doesn't have a critique of video games, he has just discovered relaxation and/or hobbies.

fmajid2y ago

Girls' supposedly innate disadvantage over boys in spatial skills disappears after they play video games.

ShamelessC2y ago

What does that have to do with anything?

1 more reply

smetj2y ago

I do not think your example does a favor to describing anti-knowledge. I do think anti-knowledge exists in IT and its a problem. One of which is the label and annotation cult.

ydnaclementine2y ago

Really good description of dota2 in particular. In some ways, League has become more "pure" in my mind (especially comparing to w3 dota)

Mawr2y ago

Completely wrong. Every skill, no matter how useless, generalizes.

Competitive team games are the best examples. Playing them well requires internalizing the concepts of probability, teamwork, mindset, efficiency, dealing with failure, etc.

Those skills come quite in handy because life is a game. It's especially obvious when looking at human-created systems like capitalism and jobs.

Mawr2y ago

(self-correction)

"Completely wrong" is too harsh. What I said only holds true when a player puts in the effort to get good at a game. Mindlessly playing Cookie Clicker while commuting will not yield many benefits.

totallywrong2y ago

That's nonsense. The same could be said of most hobbies. The motivation isn't learning real life skills, it's entertainment.

atoav2y ago

It can be. But isn't it a question of balance?

If you play some useless¹ game for the majority of your days, you can have multiple reasons for this. Maybe it keeps you occupied and thinking of the problems in your life? But after a certain degree it certainly does not "entertain" you anymore: You are doing it because doing anything else that you can think of feels worse. And a few years after not a lot will be left of it, unless you played with your friends or there was something in it for you beyond just pushing the time forward.

If I am playing my instrument for hours, I have at least improved at expressing my feelings with my instrument while having a generally good and relaxing time. And after years of doing it I can do it well enough to play on concerts without feeling afraid.

I know to many people who are so afraid of their own thoughts, they will obsessively "entertain" themselves dueinf all wake hours, and the majority of the time they are not enjoying it. This is bad. We only have one life. You don't get a price for having some the most, but at least do something that is meaningful.

¹ a game that you yourself don't even love that much

smitty1e2y ago

I'm +infinity on "antiknowledge", but I like your "entertainment" point.

To harmonize these ideas, I argue to the kids that the "entertainment" choices are like spice on the food. We want enough to enjoy the flavor in question, but not so much that the usage becomes expensive or overpowers the dish.

_8j502y ago· 5 in thread

I just wanna say I really hate the new poetry+toml crap, it's just more complicated and yet another set of crap I gotta deal with arbitrarily by arbitrary projects.

Why not just improve upon pip? I don't know, just have pip use toml and give it different flags or auto detect things? Was a whole new ecosystem of tools needed?

I look at decisions like this and I know a Python 4.0 is on the way, just like the 2->3 jump because why not right?

Any language that updates it's syntax or toolset in a way that is impossible to have backwards compatibility is an irresponsible toy language, as awesome and powerful as it may be, the developers are still toying and tinkering with it with no regard to real world impact of their decisions.

Why can't python3.12 have a flag like --std=2.7.18 for example, like gcc? If the devs don't have enough resources, I would live to see a donate page I can help out with.

We are at a point where to deploy python you can't use python but you need shell scripts to figure out versions, venvs, pyev, pipx, poetry, etc... and reliably fail of course and every time you have to troubleshoot the problem. This is a failure in software engineering, new grads should be taught of python and similar languages and the lack of planning and organization and resulting cascading chaos as examples of how not to design the user experience of any piece of software.

Sorry if I exaggerated a bit anywhere, it's difficult to pretend all the frustrations and crying out "why???" when using python don't exist. But at the same time, it is still my #1 go to language for most use cases because the language itself is just fabulous!

piyh2y ago

I deal with aggressive vulnerability management at work, and we have a unified pipeline. Figuring out what our servers will be running versus what we are doing locally versus what the pipeline expects us to do for dependencies, plus vuln management is so much work.

God forbid you have to upgrade a base python version and reopen the dusty tomes of python dependency hell.

_8j502y ago

I work in infosec as well and I have yet to even look into malicious pip packages (although I've seen malicious nuget packages), with the last curl vuln it was chaotic, telling people a lot of things actually use libcurl. Can you imagine if something like the requests or urllib package became compromised, absolutley no real way to manage the patching, projects using old versions of it will be forced to upgrade and every package that claims it needs a specific version will break, pure chaos!

fmajid2y ago

> reopen the dusty tomes of python dependency hell.

They are bathed regularly in the blood of a thousand virgins and anything but dusty

izoow2y ago

I still use pip + venv for everything and I don't really see a reason to change. Correct me if I'm wrong, but the way I understand it, tools like poetry aren't really anything "official" as pip is, just something that popped up and gained some traction. It's only the pyproject.toml format that was standardized, and poetry happens to be one of the tools that supports it.

TheCleric2y ago

One area I really like the push towards pyproject.toml: Configuration.

I was sick of having 10 different files in the root of my project to config the different tooling that the project used.

I got so sick of it at one point, I went ahead and wrote the code to support the pyproject.toml file for mypy because it was my last holdout.

stop502y ago· 4 in thread

Its more funny to migrate the old setup.py process to the pyproject.toml and an rpm specfile. with an setup.py you can say something like "python3 setup.py install -root=$builddir"

cbarrick2y ago

With project.toml, the new strat is to build the wheel with `python3 -m build` and then install it with `pip install --root=$DESTDIR` plus a handful of flags to tell pip not to touch the network or the local cache.

It's not great, but it's also not terrible.

E.g. https://github.com/cbarrick/efiboot/blob/2ca46a7c27c837adf23...

stop502y ago

I know that now, but at the time i migrated i didn't and i had the same problems as the post. I still have my problems with using python in the company but it isn't from python or its ecosystem itself. Its from redhat splitting their python packages into the different supported python versions(package a is only available for 3.6 and package b only for 3.11)

jjgreen2y ago

Don't try running that on Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035546

1 more reply

rpier0012y ago

Out of context (and with limited knowledge) comment 3 seems terrifying.

1 more reply

__mharrison__2y ago· 4 in thread

Ouch. I stopped reading 15% of the way through because I noticed that I was only 15% of the way through and I felt like it should be the end.

It seems like with a tenth of the effort of this blog rant the author could have written a flowchart or best practices.

Luckily for 99% of Python users, we only need to install libraries and not package them...

acemarke2y ago

I wrote a very similar post a couple months ago about trying to modernize the Redux JS packages to support ESM and CJS module formats:

https://blog.isquaredsoftware.com/2023/08/esm-modernization-...

I _liked_ Gregory's post. I _felt_ all of the frustration, and the confusion over lack of good docs, and the plethora of competing tools and formats. It resonated deeply for me. I haven't touched Python in years, but I could see exactly how all these pain points were happening thanks to the writing style and the explanations. The goal is to share "here's what I tried", "here's what seems wrong or broken", "here's the pitfalls I ran into", and "here's the _frustration_ I'm feeling at how messed up this all is". And it succeeded.

(And fwiw, I've had a lot of other folks in the JS ecosystem express similar thoughts as thanks for my post. It's a limited target audience, most people won't care, but the folks who _do_ have to deal with these kinds of problems understand and appreciate the details and the effort involved.)

golergka2y ago

Thank you for this post! I've recently read it and then decided to abandon any attempt at such a migration.

bjornasm2y ago

How can he write that when seemingly there is no best practices from Python?

jjgreen2y ago

"Rewrite in Pascal"?

stabbles2y ago· 3 in thread

About "eager deprecations" let me give you another absolute gem:

    ********************************************************************************
    The license_file parameter is deprecated, use license_files instead.

    By 2023-Oct-30, you need to update your project and remove deprecated calls
    or your builds will no longer be supported.
    ********************************************************************************

Yes, please go ahead and break people's builds at an arbitrary date because the technical challenges of supporting both `license_file` and `license_files` are insurmountable.

xnorswap2y ago

To be fair, that seems to have been a 2.5 year warning:

https://github.com/pypa/setuptools/commit/3544de73b3662a27fa...

stabbles2y ago

Just as an example: CMake ensures roughly a decade of backwards compatibility.

This `license_file` change is the epitome of unnecessary breakage.

fmajid2y ago

Or packages' need to support more than one version of Python.

fastasucan2y ago· 2 in thread

I think the documentation (or lack of documentation) can be very illuminating in the focus and though process of those behind a project. That there is concise "This is how you did it before and this is how it is done now" shows that there seemingly haven't been any though process in building that bridge. And in general it seems like the process of packaging projects that is not going to be published on pypi, but are going to be used internally is a dark spot as well.

Having the mess of different blog posts and documentation sources saying different stuff is far from ideal though. If you can't sum up the process in a clear concise way you are far from done.

guappa2y ago

Python removed distutils… basically now there is no official way to install things.

eesmith2y ago

The Python documentation says "pip is the preferred installer program. Starting with Python 3.4, it is included by default with the Python binary installers." - https://docs.python.org/3/installing/index.html#installing-i...

1 more reply

JodieBenitez2y ago· 2 in thread

> No offence meant to the Poetry project here but I don't perceive my project as needing whatever features Poetry provides: I'm just trying to publish a simple library package

I don't understand... Poetry solves this too.

phanimahesh2y ago

It is not obvious it does.

JodieBenitez2y ago

It's literally written on the home page:

    SHARE YOUR WORK
    Publish
    Make your work known by publishing it to PyPI
    You can also publish on private repositories

ahgamut2y ago· 1 in thread

Thank you Gregory for writing this post. There have been a bunch of announcements about "setup.py has been deprecated", but few have clearly outlined how to move away from setup.py, and more importantly, fewer have outlined what a struggle it is to move away from setup.py.

I was sad to see setuptools officially deprecated, because it looks like another way in which Python packaging is being red-taped away for a non-expert. If someone like the OP (who has 10+ years programming Python) had to do so much for what appears to be a zstd CFFI/Rust wrapper, where does that leave the rest of us?

Here's a python package of mine that uses setup.py: https://github.com/ahgamut/cliquematch/blob/master/setup.py which I have not upgraded to the new tool(s) yet. I think I will need to upgrade it soon. If anyone has suggestions for a tool that will _fully replace_ setup.py, I would like to see tutorials with the following examples:

1. How would I build a package that has pure-Python files and data files? With setuptools I would use maybe MANIFEST.in or package_dir.

2. How would I build a package that has a CPython extension accessed via cffi? (this post points to the answer)

3. How would I build a package that has a CPython extension _without_ cffi, that just wraps some small C code I wrote with CPython's API? What about an extension that uses PyBind11? What about an extension that uses Rust?

4. How would I build a package that requires a "system" package like libblas-dev? Can something like numpy be built optimally without ever writing setup.py? What would a config for that look like? Last I remember numpy used their own patch of distutils to build, I wonder what it is now.

ketozhang2y ago

Here's a packaging guide that answers most of your questions.

https://learn.scientific-python.org/development/guides/packa...

As a TLDR, you have many options 3rd party build tool (aka build backends). Each build tool have different *static* ways to specify compile options that is native to the language or generic (e.g., CMakeList,s Cargo.toml, 3rd party YAML. When it comes to dynamically specifying your extensions, setuptools is still the only option.

mekoka2y ago· 1 in thread

As someone who just yesterday also went through the exercise of (finally) understanding how to package with pyproject.toml, I empathize with the author and agree with a few painpoints he mentioned. Namely the confusion caused when opening some pages in https://packaging.python.org/en/latest/ and seeing references to a number of soon to be deprecated tools and approaches to packaging, as though they still have a place in the horizon. It's especially frustrating because the website is versioned, so you would expect a deliberate use of deprecation warnings and clear recommendations to migrate to new approaches and tools. I opened that website with the understanding that pyproject.toml is the future and setup.py is out. Instead, I still saw pages where the two are treated as though they will coexist for a while.

Having said that, the author also sounds like he's ranting a bit. He seems to insist in finding specifically how to work the way setup.py used to, but without setup.py, instead of just learning how to use pyproject.toml. While learning the new way of doing something, how it replaces the old way is usually self-evident. The (official) tutorial he eventually lands on (https://packaging.python.org/en/latest/tutorials/packaging-p...) is actually a pretty good primer. Without previously knowing what hatchling, build, twine, or even pyproject.toml was, I was able to quickly understand their purpose. From clicking a few other links on the side bar, I understood that packaging is done with tools that present a frontend and interact with a backend. Sometimes a tooling set provides both. Hatch seems to be the frontend of one such project, while Hatchling is the backend.

eesmith2y ago

> The (official) tutorial he eventually lands on ... is actually a pretty good primer.

That tutorial you linked to does not describe how to handle the issue the author faced in building a Python binary extension. It doesn't even describe how to build a C/C++/whatever extension.

At the bottom of the page the text "Read about Packaging binary extensions" points to https://packaging.python.org/en/latest/guides/packaging-bina... which starts "Page Status: Incomplete" and "Last Reviewed: 2013-12-08", and contains a number of "FIXME" sections.

(Parts have been updated during the decade, but the contents of the page do not instill confidence that it's up-to-date.)

That documentation still doesn't show how to configure the extension, instead linking to https://docs.python.org/3/extending/extending.html . That in turn links to https://docs.python.org/3/extending/building.html which links to https://setuptools.pypa.io/en/latest/setuptools.html which takes you to https://setuptools.pypa.io/en/latest/userguide/ext_modules.h... showing how to configure your setup.py.

However, unlike using setup.py directly, where you can hack setup.py's argv, that documentation does not show any way to specify compile-time parameters, "like --system-zstd and --rust-backend as a way to influence the build".

Which is what the author wants to do.

wodenokoto2y ago· 1 in thread

I’m quite surprised to see that setup.py has been deprecated for years. I set out to setup my first package earlier this year and after spending way too much time trying to figure out what is recommended and why I actually settled on setup.py

I knew it was “the old” way, but didn’t realize it was abandoned.

Getting your code packaged seems way harder than developing your code.

ketozhang2y ago

It is not deprecated. Calling setup.py directly is (i.e., `python setup.py sdist`)

Modern way of building a package is to use a build frontend. Most notably is the PyPA's build package.

    python -m build .

Most project managers like poetry has this built-in with it's `poetry build` command.

paradox2422y ago· 1 in thread

It is as if someone has taken the time to describe my typical day. I'm not a package maintainer or anything, just a guy trying to keep multiple CI/CD systems working.

I did not get halfway through this before I could start to feel the hairs of my neck start to stand on end. The numerous blind alleys. The promising leads that aren't. The official documentation that contains links to other documents that contradict the first and so I have to try and also piece together some temporal state to make any sense of any of it. Some days it seems I am actually some kind of an information archeologist, piecing together the detritus of overlapping civilizations.

ketozhang2y ago

In this particular case. OP had a lot of knowledge which served as a crutch in this journey. The less you are aware of how setuptools used to work, the better.

akubera2y ago

I've had a similarly frustrating time trying to understand and wrangle the pyproject.toml builder system, (egg-layer? wheel-roller? cheese-monger?)

One thing the author might want to try is writing their own "build-backend". You can specify your own script (even use setup.py) and that will be the target of python -m build or pip wheel or presumably whatever build-frontend you use.

    # pyproject.toml
    [build-system]
    requires = ["setuptools"]
    build-backend = "setup"  # import setup.py as the build-module
    backend-path = ["."]

Then in setup.py you should write two functions:

    def build_sdist(sdist_directory, config_settings):
        ...

    def build_wheel(wheel_directory, config_settings, metadata_directory):
        ...

Where config_settings is a dictionary of the command line "--config-settings" options passed to the builder. (sys.argv does not have access to the actual invocation, I suppose to ensure frontend standardization)

example:

    $ python -m build --config-setting=foo=bar --config-setting=can-spam

    # will call 
    >>> build_sdist("the/dist/dir", {"foo": "bar", "can": "spam"})

Of course, you can extend the default setuptools build meta so you only have to do the pre-compilation or whatever your custom build step requires:

    from setuptools.build_meta import build_sdist as setuptools_build_sdist

    def build_sdist(sdist_directory, config_settings):
        # ... code-gen and copy files to source  ...

        # this will call setup.py::setup, to make things extra confusing
        return setuptools_build_sdist(sdist_directory, config_settings)

I had to create a temporary MANIFEST.in file to make sure that the setuptools build_sdist saw the generated files. Maybe there's a better way? I think the wheel "just" packages whatever the sdist produces, though that might be more difficult if you're compiling .so files or whatnot.

Still overall pretty fiddly/under-documented and a shame there seems to be a push for more dependencies rather than encouraging users to build their own solutions.

More info in PEP 517: https://peps.python.org/pep-0517/

PennRobotics2y ago

    I open https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html
    in my browser and see a 4,000+ word blog post.
    Oof. Do I really want/need to read this?

*proceeds to write an 8,000 word blog post about it*

-----

Kidding aside, good content and a great reminder to think before blindly upgrading—at least until the kinks and details are worked through

ri0t2y ago

I've decided (a few years ago) that if i'll ever have to upgrade the packaging for my stuff, i'm going to do it with nix (and only that - sorry other os users, you'll have to install nix - actually: not sorry!). I was in (distro) packaging way too deep and decided that my limited time in this world doesn't allow for that kind of crap, anymore.

The blatant mess that ensued in the meantime (i.e. last few years) proves me right, imho.

Nimitz142y ago

Thank you for sharing this journey! Very helpful.

anacrolix2y ago

from* ffs

j / k navigate · click thread line to collapse

89 comments

69 comments · 17 top-level

Taikonerd2y ago· 16 in thread

I don't understand why the Python leadership hasn't shown stronger... leadership... in which tools they recommend.

stabbles2y ago

guappa2y ago

You think that's the only module they dropped?

They took away cgi… which I was of course using.

And crypt.

They don't care about breaking things. People would not migrate to python4 so they just break everything in python3 :D

1 more reply

MrJohz2y ago

My impression is that there's lots of different niches that have developed, each with their own needs, and trying to unify them is a mess.

wiredfool2y ago

  * Pure python -- Easy, use one of the declarative ones. 
  * Python + Standalone C -- not too bad, use the build tool.
  * Python + external (potentially distro supplied) C libraries -- Using setup.py, customized,  and different for each project.

2 more replies

golergka2y ago

> you're working in data science, and your main concern is probably making sure you can install the packages you need in the environments you're going to use them

Honest question from a web developer who sometimes has to work with Python — don't containers solve exactly this?

3 more replies

tracnar2y ago

eddyg2y ago

I’m thinking https://astral.sh/ are going to be the ones to “solve” this.

ri0t2y ago

Packaging and linting are two very different topics. Just because someone does A very well, doesn't mean they have any clue about B.

epicureanideal2y ago

Astral and Ruff look great, but what is their monetization strategy, and how do their interests intersect with the interests of the developer community in the long term?

preciousoo2y ago

Unsure if slick promo or not, but that review by tiangolo instantly piqued my interest

claytonjy2y ago

By joining forces with Pyflow, or a different tool, or making yet another one?

enthus1ast2y ago

Packaging was the reason I left python (in favor of Nim) roughly 10 years ago.

nor-and-or-not2y ago

The funny thing in context to this is that Perl has rock solid package management and distribution since like forever (CPAN).

ok1234562y ago

If the code hasn't had any updates in 15 years, it's easy to be rock solid.

ximm2y ago

I believe PEP 517 was how the Python leadership wanted to improve the situation. Unfortunately it backfired hard. It broke the existing systems and further fractured the ecosystem.

gonzo412y ago

Python leadership did the python 2->3 adventure. So.....

But yeah, I agree. This is something that golang nails. They supply all the options out of the box.

_dain_2y ago· 12 in thread

That's what Python packaging feels like. At least videogames are fun.

Pannoniae2y ago

Not all of them! Many of those skinnerbox type games actually have a pretty mediocre or outright unfun game loop - it's the skins, battle passes and "rewards" which keep people playing.

golergka2y ago

wzdd2y ago

> you don't come out the other end with any tangible real-life skill, that would be useful outside of the game.

Replace "the game" with "the small sphere of specialisation" and this applies to learning a great many things which don't generalise, many of which don't make you money either.

Your friend doesn't have a critique of video games, he has just discovered relaxation and/or hobbies.

fmajid2y ago

Girls' supposedly innate disadvantage over boys in spatial skills disappears after they play video games.

ShamelessC2y ago

What does that have to do with anything?

1 more reply

smetj2y ago

I do not think your example does a favor to describing anti-knowledge. I do think anti-knowledge exists in IT and its a problem. One of which is the label and annotation cult.

ydnaclementine2y ago

Really good description of dota2 in particular. In some ways, League has become more "pure" in my mind (especially comparing to w3 dota)

Mawr2y ago

Completely wrong. Every skill, no matter how useless, generalizes.

Competitive team games are the best examples. Playing them well requires internalizing the concepts of probability, teamwork, mindset, efficiency, dealing with failure, etc.

Those skills come quite in handy because life is a game. It's especially obvious when looking at human-created systems like capitalism and jobs.

Mawr2y ago

(self-correction)

"Completely wrong" is too harsh. What I said only holds true when a player puts in the effort to get good at a game. Mindlessly playing Cookie Clicker while commuting will not yield many benefits.

totallywrong2y ago

That's nonsense. The same could be said of most hobbies. The motivation isn't learning real life skills, it's entertainment.

atoav2y ago

It can be. But isn't it a question of balance?

¹ a game that you yourself don't even love that much

smitty1e2y ago

I'm +infinity on "antiknowledge", but I like your "entertainment" point.

_8j502y ago· 5 in thread

I just wanna say I really hate the new poetry+toml crap, it's just more complicated and yet another set of crap I gotta deal with arbitrarily by arbitrary projects.

Why not just improve upon pip? I don't know, just have pip use toml and give it different flags or auto detect things? Was a whole new ecosystem of tools needed?

I look at decisions like this and I know a Python 4.0 is on the way, just like the 2->3 jump because why not right?

Why can't python3.12 have a flag like --std=2.7.18 for example, like gcc? If the devs don't have enough resources, I would live to see a donate page I can help out with.

piyh2y ago

God forbid you have to upgrade a base python version and reopen the dusty tomes of python dependency hell.

_8j502y ago

fmajid2y ago

> reopen the dusty tomes of python dependency hell.

They are bathed regularly in the blood of a thousand virgins and anything but dusty

izoow2y ago

TheCleric2y ago

One area I really like the push towards pyproject.toml: Configuration.

I was sick of having 10 different files in the root of my project to config the different tooling that the project used.

I got so sick of it at one point, I went ahead and wrote the code to support the pyproject.toml file for mypy because it was my last holdout.

stop502y ago· 4 in thread

Its more funny to migrate the old setup.py process to the pyproject.toml and an rpm specfile. with an setup.py you can say something like "python3 setup.py install -root=$builddir"

cbarrick2y ago

It's not great, but it's also not terrible.

E.g. https://github.com/cbarrick/efiboot/blob/2ca46a7c27c837adf23...

stop502y ago

jjgreen2y ago

Don't try running that on Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035546

1 more reply

rpier0012y ago

Out of context (and with limited knowledge) comment 3 seems terrifying.

1 more reply

__mharrison__2y ago· 4 in thread

Ouch. I stopped reading 15% of the way through because I noticed that I was only 15% of the way through and I felt like it should be the end.

It seems like with a tenth of the effort of this blog rant the author could have written a flowchart or best practices.

Luckily for 99% of Python users, we only need to install libraries and not package them...

acemarke2y ago

I wrote a very similar post a couple months ago about trying to modernize the Redux JS packages to support ESM and CJS module formats:

https://blog.isquaredsoftware.com/2023/08/esm-modernization-...

golergka2y ago

Thank you for this post! I've recently read it and then decided to abandon any attempt at such a migration.

bjornasm2y ago

How can he write that when seemingly there is no best practices from Python?

jjgreen2y ago

"Rewrite in Pascal"?

stabbles2y ago· 3 in thread

About "eager deprecations" let me give you another absolute gem:

    ********************************************************************************
    The license_file parameter is deprecated, use license_files instead.

    By 2023-Oct-30, you need to update your project and remove deprecated calls
    or your builds will no longer be supported.
    ********************************************************************************

Yes, please go ahead and break people's builds at an arbitrary date because the technical challenges of supporting both `license_file` and `license_files` are insurmountable.

xnorswap2y ago

To be fair, that seems to have been a 2.5 year warning:

https://github.com/pypa/setuptools/commit/3544de73b3662a27fa...

stabbles2y ago

Just as an example: CMake ensures roughly a decade of backwards compatibility.

This `license_file` change is the epitome of unnecessary breakage.

fmajid2y ago

Or packages' need to support more than one version of Python.

fastasucan2y ago· 2 in thread

Having the mess of different blog posts and documentation sources saying different stuff is far from ideal though. If you can't sum up the process in a clear concise way you are far from done.

guappa2y ago

Python removed distutils… basically now there is no official way to install things.

eesmith2y ago

1 more reply

JodieBenitez2y ago· 2 in thread

> No offence meant to the Poetry project here but I don't perceive my project as needing whatever features Poetry provides: I'm just trying to publish a simple library package

I don't understand... Poetry solves this too.

phanimahesh2y ago

It is not obvious it does.

JodieBenitez2y ago

It's literally written on the home page:

    SHARE YOUR WORK
    Publish
    Make your work known by publishing it to PyPI
    You can also publish on private repositories

ahgamut2y ago· 1 in thread

1. How would I build a package that has pure-Python files and data files? With setuptools I would use maybe MANIFEST.in or package_dir.

2. How would I build a package that has a CPython extension accessed via cffi? (this post points to the answer)

ketozhang2y ago

Here's a packaging guide that answers most of your questions.

https://learn.scientific-python.org/development/guides/packa...

mekoka2y ago· 1 in thread

eesmith2y ago

> The (official) tutorial he eventually lands on ... is actually a pretty good primer.

That tutorial you linked to does not describe how to handle the issue the author faced in building a Python binary extension. It doesn't even describe how to build a C/C++/whatever extension.

(Parts have been updated during the decade, but the contents of the page do not instill confidence that it's up-to-date.)

Which is what the author wants to do.

wodenokoto2y ago· 1 in thread

I knew it was “the old” way, but didn’t realize it was abandoned.

Getting your code packaged seems way harder than developing your code.

ketozhang2y ago

It is not deprecated. Calling setup.py directly is (i.e., `python setup.py sdist`)

Modern way of building a package is to use a build frontend. Most notably is the PyPA's build package.

    python -m build .

Most project managers like poetry has this built-in with it's `poetry build` command.

paradox2422y ago· 1 in thread

It is as if someone has taken the time to describe my typical day. I'm not a package maintainer or anything, just a guy trying to keep multiple CI/CD systems working.

ketozhang2y ago

In this particular case. OP had a lot of knowledge which served as a crutch in this journey. The less you are aware of how setuptools used to work, the better.

akubera2y ago

I've had a similarly frustrating time trying to understand and wrangle the pyproject.toml builder system, (egg-layer? wheel-roller? cheese-monger?)

    # pyproject.toml
    [build-system]
    requires = ["setuptools"]
    build-backend = "setup"  # import setup.py as the build-module
    backend-path = ["."]

Then in setup.py you should write two functions:

    def build_sdist(sdist_directory, config_settings):
        ...

    def build_wheel(wheel_directory, config_settings, metadata_directory):
        ...

example:

    $ python -m build --config-setting=foo=bar --config-setting=can-spam

    # will call 
    >>> build_sdist("the/dist/dir", {"foo": "bar", "can": "spam"})

Of course, you can extend the default setuptools build meta so you only have to do the pre-compilation or whatever your custom build step requires:

    from setuptools.build_meta import build_sdist as setuptools_build_sdist

    def build_sdist(sdist_directory, config_settings):
        # ... code-gen and copy files to source  ...

        # this will call setup.py::setup, to make things extra confusing
        return setuptools_build_sdist(sdist_directory, config_settings)

Still overall pretty fiddly/under-documented and a shame there seems to be a push for more dependencies rather than encouraging users to build their own solutions.

More info in PEP 517: https://peps.python.org/pep-0517/

PennRobotics2y ago

    I open https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html
    in my browser and see a 4,000+ word blog post.
    Oof. Do I really want/need to read this?

*proceeds to write an 8,000 word blog post about it*

-----

Kidding aside, good content and a great reminder to think before blindly upgrading—at least until the kinks and details are worked through

ri0t2y ago

The blatant mess that ensued in the meantime (i.e. last few years) proves me right, imho.

Nimitz142y ago

Thank you for sharing this journey! Very helpful.

anacrolix2y ago

from* ffs

j / k navigate · click thread line to collapse