Closed Bug 1148087 Opened 10 years ago Closed 8 years ago

Windows pulls packages from pypi.python.org

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mshal, Assigned: markco)

References

Details

Attachments

(1 file, 4 obsolete files)

Bug1148087-correct-pip-conf-dir.patch
656 bytes, patch
Callek
: review+
nthomas
: checked-in-
Details | Diff | Splinter Review
We have an internal pypi.pvt.build.mozilla.org for python packages, but some Windows builds appear to be pulling packages from pypi.python.org instead. Everything should be pulling from pypi.pvt.build.mozilla.org. I'm not entirely sure where the fix for this is - maybe a mozharness parameter or something we need to add to the Windows builders.
Looks like this is for all windows builds, not just some.
Summary: Windows sometimes pulls packages from pypi.python.org → Windows pulls packages from pypi.python.org
Q, is this something we'd need to add to GPO or puppet somewhere? OSX has this for example: $ cat .pip/pip.conf # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. [install] no-index = true find-links = http://pypi.pvt.build.mozilla.org/pub http://pypi.pub.build.mozilla.org/pub Which comes from puppet: http://mxr.mozilla.org/build/source/puppet/modules/python/templates/user-pip-conf.erb
Flags: needinfo?(q)
Would need to be done in both gpo and puppett while we are keeping parity. It shouldn't be too hard to drop in
Flags: needinfo?(q)
Blocks: 1240993
This file is already on the Windows builders at C:\users\cltbld\.pip\pip.conf. Contents: # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. [install] no-index = true disable-pip-version-check = true find-links = http://pypi.pvt.build.mozilla.org/pub http://pypi.pub.build.mozilla.org/pub trusted-host = pypi.pvt.build.mozilla.org pypi.pub.build.mozilla.org mshal: Does this need to go to a different directory?
Flags: needinfo?(mshal)
> On Windows, the configuration file is: %HOME%\pip\pip.ini https://pip.readthedocs.io/en/1.4/configuration.html OR for a newer pip: https://pip.readthedocs.io/en/stable/user_guide/#config-file > On Windows the configuration file is %APPDATA%\pip\pip.ini. Though ""There are also a legacy per-user configuration file which is also respected, these are located at:"" which matches the first location
Flags: needinfo?(mshal)
Retriggers are coming back green, so I'm going to reopen the trees, but this should still get fixed at some point soon, hopefully.
Comment on attachment 8760955 [details] [diff] [review] Bug1148087-correct-pip-conf-dir.patch If r+, I will land this post-London.
Attachment #8760955 - Flags: review?(bugspam.Callek)
Comment on attachment 8760955 [details] [diff] [review] Bug1148087-correct-pip-conf-dir.patch Review of attachment 8760955 [details] [diff] [review]: ----------------------------------------------------------------- Even if you have a reason not to prefer the legacy location, this isn't correct because it shouldn't be '.pip' but rather the bareword 'pip' for directory name. ::: modules/python/manifests/user_pip_conf.pp @@ +22,2 @@ > file { > + "$homedir_/AppData/Roaming/.pip": I'd actually prefer the "legacy" directory from that same ref, since it works for both older and newer pip versions. $homedir_/pip/ @@ +24,2 @@ > ensure => directory; > + "$homedir_/AppData/Roaming/.pip/pip.conf": and here: $homedir/pip/pip.conf
Attachment #8760955 - Flags: review?(bugspam.Callek) → review-
Attachment #8760955 - Attachment is obsolete: true
Attachment #8760961 - Flags: review?(bugspam.Callek)
Attachment #8760961 - Flags: review?(bugspam.Callek) → review+
Comment on attachment 8760961 [details] [diff] [review] Bug1148087-correct-pip-conf-dir.patch Review of attachment 8760961 [details] [diff] [review]: ----------------------------------------------------------------- ::: modules/python/manifests/user_pip_conf.pp @@ +24,2 @@ > ensure => directory; > + "$homedir_/pip/pip.conf": User "Kwan" on IRC spotted this issue. <Kwan> Callek, markco: I might be missing something obvious, but why doesn't the patch for bug 1148087 also change the file ext to ini? It absolutely should have an ini extension.
Attachment #8760961 - Flags: review+ → review-
Attachment #8760961 - Attachment is obsolete: true
Comment on attachment 8761646 [details] [diff] [review] Bug1148087-correct-pip-conf-dir.patch My bad. I was trying to be quick in getting this done, and missed the obvious.
Attachment #8761646 - Flags: review?(bugspam.Callek)
Comment on attachment 8761646 [details] [diff] [review] Bug1148087-correct-pip-conf-dir.patch Review of attachment 8761646 [details] [diff] [review]: ----------------------------------------------------------------- No worries.
Attachment #8761646 - Flags: review?(bugspam.Callek) → review+
markco, anything blocking the patch landing ?
No, this just fail off my radar. I am going NI myself just as reminder and land it Monday.
Flags: needinfo?(mcornmesser)
Attached patch bug1148087revert.patch (obsolete) — Splinter Review
Attachment #8804479 - Flags: review?(nthomas)
Comment on attachment 8804479 [details] [diff] [review] bug1148087revert.patch Review of attachment 8804479 [details] [diff] [review]: ----------------------------------------------------------------- ::: modules/python/manifests/user_pip_conf.pp @@ +25,1 @@ > content => template("python/user-pip-conf.erb"); I'm confused by this. If we're aiming for %APPDATA%\pip\pip.ini (per the doc in comment #6), and I assume %APPDATA% expands to $homedir_/AppData/Roaming, then why the . in .pip ? To put it another way - when you tested, did you double check it was pulling from our pypi, rather than just not paying attention to the file and using pypi.python.org ?
Oops, I was referring to this diff: - "$homedir_/pip/pip.ini": + "$homedir_/AppData/Roaming/.pip/pip.conf": so pip.ini instead of pip.conf too.
Attached patch bug1148087revert2.patch (obsolete) — Splinter Review
Full revert, so we can get back to a working state,
Attachment #8804479 - Attachment is obsolete: true
Attachment #8804479 - Flags: review?(nthomas)
Attachment #8804493 - Flags: review?(nthomas)
Comment on attachment 8804493 [details] [diff] [review] bug1148087revert2.patch I just backed out the original patch, which we generally do without further review.
Attachment #8804493 - Attachment is obsolete: true
Attachment #8804493 - Flags: review?(nthomas)
Assignee: nobody → mcornmesser
mshal: What is the impact of this? And does this cause any security concerns? grenade: Do you know if this is an issue in task cluster as well? Has this been something you have already solved there? Overall this does not seem to have a trivial fix. In the current state, with USERDIR\.pip\pip.conf, the file is not being used by python. When the file corrected to USERDIR\pip\pip.ini python uses the file but it causes additional issues. Particularly, python starts looking for the prerequisite files in the same directory. Output while running "c:\mozilla-build\python27\python.exe c:/mozilla-build/buildbotve/virtualenv.py -v --no-site-packages --distribute c:\builds\10": Installing pip... Processing pip error: Couldn't find a setup script in C:\Users\Administrator\pip
Flags: needinfo?(rthijssen)
Flags: needinfo?(mshal)
It's been a while, but I think I filed this bug because I added something to our internal pypi, and everything except Windows worked because it pulls from a different location. I don't know the exact reasons why we setup an internal pypi in the first place, but if I had to speculate I would guess that the goal is to avoid relying on external services being available for our builds to work. IOW, if pypi.python.org goes down, we suddenly can't do Windows builds and have no control in getting them working again. I could see security concerns being a reason as well. Might be worth finding someone more familiar with the history here to get some better answers :)
Flags: needinfo?(mshal)
It was to avoid pulling frmo external sites for stability and security reasons, but considering the amount of work likely needed to get this functional (aka, it doesn't appear to be easy), I think we should just fix it in taskcluster and move on.
taskcluster windows builders and testers pull packages from pypi.pub.build.mozilla.org and can additionally pull packages from hosts configured in mozharness configs (find_links). this is currently also limited to pypi.pub.build.mozilla.org. tc workers use global config from C:\ProgramData\pip\pip.ini (downloaded from https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/master/userdata/Configuration/pip.conf during ami creation)
Flags: needinfo?(rthijssen)
It'd be fantastic if we can pick up the taskcluster fix, but we'd have to watch out for version differences in pip and virtualenv which might result in different behaviour.
We are being held back by the version, 1.5.5, of pip that is part of the buildbot virtual env. From the testing I have done, it seems like this version does not pick up the configuration in the ini or the conf file regardless of the location. An updated version will pick up the configuration from C:\ProgramData\pip\pip.ini. If we want to have pip pull from our pypi repo we will need to update pip. Which I don't know if this will cause other issues.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Component: General Automation → General
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: