1. 19 Apr, 2024 3 commits
    • [fix] Restrict package index search path · e54670fe
      Xavier Thompson authored
      Restrict package index search_path to buildout:extra-paths value.
      Without this, setting an empty extra-paths has been observed to
      cause package index lookup to crash when finding an already
      installed distribution in sys.path that matches the request, but
      is not installable (as it is already installed, e.g. it's not a
      .tar.gz or .whl or some such expected distribution format).
      
      Maybe package index search_path should simply always be empty?
      It does not seem to make much sense to look for installable
      distributions on sys.path, in fact it seems accidental.
    • [fix] Fix package index selection indexing · 589ddc26
      Xavier Thompson authored
      Index constructed package indexes by all their parameters.
    • [feat] Add buildout:extra-paths option · 3a103f93
      Xavier Thompson authored
      This option determines what paths zc.buildout will scan for already
      installed distributions. This defaults to sys.path and can be set to
      an empty value to enable isolation. The special value 'legacy' yields
      the previous behavior of scanning specifically the paths of the current
      zc.buildout distribution and its dependencies.
  2. 18 Apr, 2024 3 commits
    • [fix] Fix bootstrap working set order · 5834ec9e
      Xavier Thompson authored
      In bootstrap we potentially copy eggs from the working set to ./eggs.
      We then reconstruct the same working set using the moved locations.
      
      This commit ensures we keep a correct working set order throughout
      and that we avoid activating unintended dists.
    • [fix] Fix working set sorting · f8a65f4f
      Xavier Thompson authored
      If a dist in the computed working set is at a location shared with
      other dists - such as site-packages - then when generating scripts
      these other packages may overshadow the next items on the sys.path
      and result in importing a different version than the one installed
      and intended by buildout.
      
      To avert this, a sort of the working set was introduced at various
      points just before generating a script.
      
      However, that sort put the paths referenced from an `.egg-link` in
      ./develop-eggs first. This is truly problematic because dists from
      site-packages which are not eggs - e.g. dists installed with pip -
      can become referenced as `.egg-link` during buildout bootstrap and
      the sort then causes site-packages to be one of the first items in
      sys.path.
      
      In particular when running buildout bootstrap from a venv in which
      zc.buildout was installed by pip, if any one of zc.buildout or its
      dependencies from the venv meets the version requirements, then it
      can cause the generated bin/buildout to import the dists only from
      the venv's site-packages, even when some do not meet requirements.
      
      To fix this, the sort now puts the dists from `./eggs` first as we
      know their locations contain only a single dist, and then puts the
      dists from ./develop-eggs which have locations inside the buildout
      directory before the others.
      
      The previous sort was also activating all the dists from the paths
      of the already activated dists.
      
      Note that this also means that any working set must be manipulated
      with care in general to avoid activating unintended dists from the
      locations of the already activated dists.
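
The shadowing described in the commit above, reproduced as an added example (not zc.buildout code, and not written by the commit author). The package names, versions and directory layout are constructed, and `sort_working_set` is a simplified model of the ordering the message describes (`./eggs` first, then other locations inside the buildout directory, then everything else).

```python
import importlib
import importlib.machinery
import importlib.util
import os
import tempfile

def make_pkg(location, name, version):
    """Create a minimal importable package exposing VERSION (constructed sample)."""
    pkg = os.path.join(location, name)
    os.makedirs(pkg)
    with open(os.path.join(pkg, "__init__.py"), "w") as f:
        f.write(f"VERSION = {version!r}\n")

def imported_version(name, path):
    """Resolve `name` the way the import system would if sys.path were `path`."""
    importlib.invalidate_caches()
    spec = importlib.machinery.PathFinder.find_spec(name, path)
    module = importlib.util.module_from_spec(spec)  # not added to sys.modules
    spec.loader.exec_module(module)
    return module.VERSION

def sort_working_set(working_set, buildout_dir):
    """Simplified model: ./eggs first, then inside the buildout dir, then the rest."""
    eggs = os.path.join(buildout_dir, "eggs") + os.sep
    inside = buildout_dir + os.sep
    def rank(item):
        location = item[1]
        return 0 if location.startswith(eggs) else 1 if location.startswith(inside) else 2
    return sorted(working_set, key=rank)  # stable: ties keep their original order

def demo():
    with tempfile.TemporaryDirectory() as root:
        buildout_dir = os.path.join(root, "buildout")
        site = os.path.join(root, "venv", "site-packages")      # shared location
        egg = os.path.join(buildout_dir, "eggs", "demo_lib-2.0.egg")
        make_pkg(site, "other_tool", "1.0")
        make_pkg(site, "demo_lib", "1.0")   # stale copy that fails the requirement
        make_pkg(egg, "demo_lib", "2.0")    # version buildout actually selected
        # other_tool was found in site-packages, so that location comes first.
        ws = [("other_tool", site), ("demo_lib", egg)]
        unsorted_path = [loc for _, loc in ws]
        sorted_path = [loc for _, loc in sort_working_set(ws, buildout_dir)]
        return (imported_version("demo_lib", unsorted_path),
                imported_version("demo_lib", sorted_path))

if __name__ == "__main__":
    print(demo())
```
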
    • [fix] Use only ws.find in install · 4f64688e
      Xavier Thompson authored
      Replace `pkg_resources.Environment(ws.entries).best_match(req, ws)`
      with `ws.find(req)`.
      
      The first already starts by calling `ws.find(req)` to attempt to find
      an already activated dist in the working set, but if none is found it
      then proceeds to scan through the entries of the environment - i.e.
      the locations of the directly-requested distributions, `ws.entries` -
      to activate a dist at these locations if one matches.
      
      This is problematic when directly-requested distributions are found in
      a location shared by multiple dists, such as site-packages: this gives
      that location precedence over the normal order of locations scanned by
      easy_install, and can result in undesired versions being chosen over
      versions available in ./eggs or in ./develop-eggs. The random aspect
      of this is also problematic, as the order of paths considered will
      depend on the order of the directly-requested distributions and where
      they are found.
  3. 02 Apr, 2024 34 commits