Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix multi-digit version in entry point replacement #11547

Merged

Conversation

uranusjr
Copy link
Member

Previously, the special case to generate pip and easy_install entry points with the correct Python version (e.g. pip3.9 on Python 3.9) only accounted for single-digit version segments, and did not work correctly on Python 3.10 and up. This was missed when Python 3.10 was released because we (accidentally) generated wheels that did not need any such replacements, but was exposed in CPython 3.11.0 since it bundled pip 22.3 generated against Python 3.10.

See python/cpython#98682

@uranusjr uranusjr force-pushed the entry-point-python-version-replacement-multi-digit branch from 06e12aa to 24424a9 Compare October 26, 2022 08:45
@uranusjr uranusjr force-pushed the entry-point-python-version-replacement-multi-digit branch from 24424a9 to 7599077 Compare October 26, 2022 08:47
@uranusjr
Copy link
Member Author

Urgh, test failures due to #11541.

@pradyunsg
Copy link
Member

@uranusjr let's skip those tests in this PR, and we'll unskip them in a follow up?

@uranusjr uranusjr force-pushed the entry-point-python-version-replacement-multi-digit branch 2 times, most recently from e5d04d1 to c8010f8 Compare October 26, 2022 22:08
@uranusjr
Copy link
Member Author

Can’t seem to make file: submodule clone to work so I skipped it.

@github-actions github-actions bot added the needs rebase or merge PR has conflicts with current master label Oct 27, 2022
Previously, the special case to generate 'pip' and 'easy_install' entry
points with the correct Python version (e.g. 'pip3.9' on Python 3.9)
only accounted for single-digit version segments, and did not work
correctly on Python 3.10 and up. This was missed when Python 3.10 was
released because we (accidentally) generated wheels that did not need
any such replacements, but was exposed in CPython 3.11.0 since it
bundled pip 22.3 generated against Python 3.10.
@uranusjr uranusjr force-pushed the entry-point-python-version-replacement-multi-digit branch from c8010f8 to 2c195f9 Compare October 27, 2022 17:51
@pypa-bot pypa-bot removed the needs rebase or merge PR has conflicts with current master label Oct 27, 2022
@uranusjr uranusjr added this to the 22.3 milestone Oct 27, 2022
@SpecLad
Copy link
Contributor

SpecLad commented Oct 30, 2022

This is somewhat tangential, but why does pip even define these versioned entry points if it's just going to strip them away later?

@uranusjr uranusjr mentioned this pull request Oct 30, 2022
@uranusjr
Copy link
Member Author

Because not everyone uses pip to install pip, and those who don’t still want those commands.

news/11547.bugfix.rst Outdated Show resolved Hide resolved
tests/unit/test_wheel.py Outdated Show resolved Hide resolved
Co-authored-by: Ed Morley <501702+edmorley@users.noreply.github.com>
@pfmoore pfmoore merged commit 6d13113 into pypa:main Nov 3, 2022
@uranusjr uranusjr deleted the entry-point-python-version-replacement-multi-digit branch November 3, 2022 15:25
pfmoore added a commit to pfmoore/pip that referenced this pull request Nov 5, 2022
…n-replacement-multi-digit

Fix multi-digit version in entry point replacement
@pfmoore
Copy link
Member

pfmoore commented Nov 5, 2022

@uranusjr I've just released 22.3.1 with this PR included. But I'm concerned, because if I create an empty venv, and run the new get-pip.py, I still get pip3.10.exe and pip3.11.exe binaries.

So I don't think this PR fixed the issue properly 🙁

For what it's worth, I built the release using a nox running under Python 3.10.6, and entry_points.txt in the distributed wheel contains

[console_scripts]
pip = pip._internal.cli.main:main
pip3 = pip._internal.cli.main:main
pip3.10 = pip._internal.cli.main:main

@pfmoore
Copy link
Member

pfmoore commented Nov 5, 2022

Never mind, I appear to have messed up the test I did. Sorry for the noise.

inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Nov 8, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.3 to 22.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3.1 (2022-11-05)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix entry point generation of <code>pip.X</code>, <code>pipX.Y</code>, and <code>easy_install-X.Y</code>
to correctly account for multi-digit Python version segments (e.g. the &quot;11&quot;
part of 3.11). (<code>[#11547](pypa/pip#11547) &lt;https://github.com/pypa/pip/issues/11547&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/1463081f10de6bfad81afe0d68272e7c3bedbadf"><code>1463081</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/22fd64ac0b68782acb308e2484b553a2ecadff78"><code>22fd64a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11547">#11547</a> from uranusjr/entry-point-python-version-replacemen...</li>
<li>See full diff in <a href="https://github.com/pypa/pip/compare/22.3...22.3.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.3&new-version=22.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Nov 8, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.3 to 22.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.3.1 (2022-11-05)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix entry point generation of <code>pip.X</code>, <code>pipX.Y</code>, and <code>easy_install-X.Y</code>
to correctly account for multi-digit Python version segments (e.g. the &quot;11&quot;
part of 3.11). (<code>[#11547](pypa/pip#11547) &lt;https://github.com/pypa/pip/issues/11547&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/1463081f10de6bfad81afe0d68272e7c3bedbadf"><code>1463081</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/22fd64ac0b68782acb308e2484b553a2ecadff78"><code>22fd64a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11547">#11547</a> from uranusjr/entry-point-python-version-replacemen...</li>
<li>See full diff in <a href="https://github.com/pypa/pip/compare/22.3...22.3.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.3&new-version=22.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
clementprevot added a commit to clementprevot/aduro that referenced this pull request Nov 16, 2022
Bumps [pip](https://github.com/pypa/pip) from 21.0 to 22.3.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>22.3.1 (2022-11-05)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Fix entry point generation of <code>pip.X</code>,
<code>pipX.Y</code>, and <code>easy_install-X.Y</code>
to correctly account for multi-digit Python version segments (e.g. the
&quot;11&quot;
part of 3.11). (<code>[#11547](pypa/pip#11547)
&lt;https://github.com/pypa/pip/issues/11547&gt;</code>_)</li>
</ul>
<h1>22.3 (2022-10-15)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Deprecate <code>--install-options</code> which forces pip to use the
deprecated <code>install</code>
command of <code>setuptools</code>.
(<code>[#11358](pypa/pip#11358)
&lt;https://github.com/pypa/pip/issues/11358&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when no-binary is
enabled for
source distributions without 'pyproject.toml'.
(<code>[#11452](pypa/pip#11452)
&lt;https://github.com/pypa/pip/issues/11452&gt;</code>_)</li>
<li>Deprecate ```--no-binary`` disabling the wheel cache.
(<code>[#11454](pypa/pip#11454)
&lt;https://github.com/pypa/pip/issues/11454&gt;</code>_)</li>
<li>Remove <code>--use-feature=2020-resolver</code> opt-in flag. This
was supposed to be removed in 21.0, but missed during that release
cycle. (<code>[#11493](pypa/pip#11493)
&lt;https://github.com/pypa/pip/issues/11493&gt;</code>_)</li>
<li>Deprecate installation with 'setup.py install' when the 'wheel'
package is absent for
source distributions without 'pyproject.toml'.
(<code>[#8559](pypa/pip#8559)
&lt;https://github.com/pypa/pip/issues/8559&gt;</code>_)</li>
<li>Remove the ability to use <code>pip list --outdated</code> in
combination with <code>--format=freeze</code>.
(<code>[#9789](pypa/pip#9789)
&lt;https://github.com/pypa/pip/issues/9789&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Use <code>shell=True</code> for opening the editor with <code>pip
config edit</code>.
(<code>[#10716](pypa/pip#10716)
&lt;https://github.com/pypa/pip/issues/10716&gt;</code>_)</li>
<li>Use the <code>data-dist-info-metadata</code> attribute from
:pep:<code>658</code> to resolve distribution metadata without
downloading the dist yet.
(<code>[#11111](pypa/pip#11111)
&lt;https://github.com/pypa/pip/issues/11111&gt;</code>_)</li>
<li>Add an option to run the test suite with pip built as a zipapp.
(<code>[#11250](pypa/pip#11250)
&lt;https://github.com/pypa/pip/issues/11250&gt;</code>_)</li>
<li>Add a <code>--python</code> option to allow pip to manage Python
environments other
than the one pip is installed in.
(<code>[#11320](pypa/pip#11320)
&lt;https://github.com/pypa/pip/issues/11320&gt;</code>_)</li>
<li>Document the new (experimental) zipapp distribution of pip.
(<code>[#11459](pypa/pip#11459)
&lt;https://github.com/pypa/pip/issues/11459&gt;</code>_)</li>
<li>Use the much faster 'bzr co --lightweight' to obtain a copy of a
Bazaar tree. (<code>[#5444](pypa/pip#5444)
&lt;https://github.com/pypa/pip/issues/5444&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <code>--no-index</code> when <code>--index-url</code> or
<code>--extra-index-url</code> is specified
inside a requirements file.
(<code>[#11276](pypa/pip#11276)
&lt;https://github.com/pypa/pip/issues/11276&gt;</code>_)</li>
<li>Ensure that the candidate <code>pip</code> executable exists, when
checking for a new version of pip.
(<code>[#11309](pypa/pip#11309)
&lt;https://github.com/pypa/pip/issues/11309&gt;</code>_)</li>
<li>Ignore distributions with invalid <code>Name</code> in metadata
instead of crashing, when
using the <code>importlib.metadata</code> backend.
(<code>[#11352](pypa/pip#11352)
&lt;https://github.com/pypa/pip/issues/11352&gt;</code>_)</li>
<li>Raise RequirementsFileParseError when parsing malformed requirements
options that can't be sucessfully parsed by shlex.
(<code>[#11491](pypa/pip#11491)
&lt;https://github.com/pypa/pip/issues/11491&gt;</code>_)</li>
<li>Fix build environment isolation on some system Pythons.
(<code>[#6264](pypa/pip#6264)
&lt;https://github.com/pypa/pip/issues/6264&gt;</code>_)</li>
</ul>
<p>Vendored Libraries</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/1463081f10de6bfad81afe0d68272e7c3bedbadf"><code>1463081</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/22fd64ac0b68782acb308e2484b553a2ecadff78"><code>22fd64a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11547">#11547</a>
from uranusjr/entry-point-python-version-replacemen...</li>
<li><a
href="https://github.com/pypa/pip/commit/0a76da3a94130fad58b086e331c3d3e1b02a89eb"><code>0a76da3</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/25638287f8b8bd571a10c4f5ae1b7f4eae454dcc"><code>2563828</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/e86f27fe4ee3fe45fc0fcd2372f71d39d1d013c1"><code>e86f27f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11493">#11493</a>
from pradyunsg/remove-2020-resolver-opt-in</li>
<li><a
href="https://github.com/pypa/pip/commit/1fcc3ce4b531ac6bc80c1d102d4ef9610074e195"><code>1fcc3ce</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11514">#11514</a>
from pradyunsg/certifi-update</li>
<li><a
href="https://github.com/pypa/pip/commit/65c23fa99d19af8ebd375e7129213794dce4b4b2"><code>65c23fa</code></a>
Unnormalise the certifi version</li>
<li><a
href="https://github.com/pypa/pip/commit/739158cc80f138dbed9e426f3408811acef2d993"><code>739158c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/pypa/pip/issues/11516">#11516</a>
from pradyunsg/check-manifest</li>
<li><a
href="https://github.com/pypa/pip/commit/4e48bbc31cf34b1b4ccd100a787d1204ddb8866b"><code>4e48bbc</code></a>
Move check-manifest to a CI check</li>
<li><a
href="https://github.com/pypa/pip/commit/1b7e5ef34f926f33fa7932239229220dd65eb7a6"><code>1b7e5ef</code></a>
Upgrade certifi to 2022.9.24</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.0...22.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.0&new-version=22.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants