-
-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop bundling setuptools for Python 3.12+ #300
Comments
For parity with the `ensurepip` and `venv` modules, which no longer install setuptools as of Python 3.12: - python/cpython#95299 - python/cpython@ece20db Fixes astral-sh#300.
I've opened #301 to fix this. |
Hi Ed. Thanks for pointing out the discrepancy between our distributions and the official CPython ones. Aside from parity with CPython, can you articulate any harms from continuing to ship setuptools? When creating this project several years ago, I made the decision to distribute a modern pip and setuptools with the distributions - newer versions than what CPython's distributions were shipping via Fast forward a few years. The Python packaging space has definitely evolved. I still think it makes sense to have setuptools in the base distribution because a lot of packages out there still use setuptools as their build backend. Since I think that having setuptools in the distribution may actually benefit end-users by eliminating a potential source of insecurity by having to go to the internet and download setuptools without content integrity protection. Or do modern build frontends and their build isolation always need a setuptools wheel and thus always attempt to download a setuptools wheel, ignoring the setuptools install already in the distribution? If so, then I can possibly be convinced that setuptools in the distribution is adding no value (in 3.12+) and should be jettisoned. |
Mainly that inconsistency within the ecosystem is potentially confusing for end users, and also unfairly penalises tools/environments that are trying to do the right thing and already match the stdlib's behaviour. As a secondary benefit, dropping setuptools reduces the download size and size of the install on disk (or in image).
Good question :-) As of pip v23.1+, pip will now default to PEP-517 style build isolation if the (This is on top of the pip v22.1+ behaviour of using build isolation if As such, given that the Python builds produced by this repo don't include Plus for projects that have switched to an explicit |
I'm not swayed by inconsistency arguments: Python bootstrapping and packaging has been a hot mess for 2 decades and I think it is important to challenge what CPython and the PyPA ecosystem of tools are doing because clearly there are shortcomings. End-users are harmed by these shortcomings and I would like to avoid perpetuating sub-optimal state if possible.
My knee jerk upon reading this was oh no, we should distribute Then I read:
So I guess the Since I've been told So unless there's a compelling argument I'm missing, let's drop |
Yeah, for packages that have migrated from In addition, for any users that use these Python builds and always create a virtual environment using either |
For parity with the `ensurepip` and `venv` modules, which no longer install setuptools as of Python 3.12: - python/cpython#95299 - python/cpython@ece20db Fixes astral-sh#300.
Yeah, in uv we won't pull setuptools from the distribution without explicit opt-in to disable build isolation. Similarly, uv doesn't install any seed packages into virtual environments by default. |
Agreed, though IMO there is definitely something package managers can do about it. And whilst it seems there isn't the appetite or resources to tackle this in pip (xref pypa/pip#12942 / pypa/pip#12956), the comments in astral-sh/uv#5190 make me hopeful that it may be something uv can do in the future :-) |
In Python 3.12, the stdlib's
ensurepip
andvenv
modules were updated to no longer installsetuptools
alongside pip. This was viable since as of pip v22.1, for pre-PEP-517/518 packages pip will now default to the isolated build environment mode (along with a fallback legacy setuptools build backend, with setuptools and wheel automatically installed), if the setuptools package isn't installed globally.As such, when using the default Python configure options (which include
--with-ensurepip
, which causes ensurepip to run during the build), the resultant Python build only includes pip and not setuptools for Python 3.12+.For example, this then means the Python distribution used by the official GitHub Actions setup-python action (which don't override the upstream CPython configure defaults) automatically only ships setuptools for Python 3.11 and older:
However, the builds performed by this project configure Python using
--without-ensurepip
, and then manually install pip and setuptools afterwards:https://github.com/indygreg/python-build-standalone/blob/90d40b46d929eabafee1e3320ab54d32efdf258e/cpython-unix/build-cpython.sh#L546-L547
This means that when Python 3.12 builds were added in 2a5f3a9 they didn't automatically pick up this upstream CPython change.
For parity with upstream Python's behaviour, the builds here should stop explicitly installing setuptools for Python 3.12+.
See also:
setuptools
andwheel
by default on Python 3.12+ environments pypa/virtualenv#2487The text was updated successfully, but these errors were encountered: