Vendoring-compatible imports #316
Conversation
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Make hash module imports compatible with the vendoring tool. This is trickier than the other cases: * "hash" is a builtin function, overloading that with module name seems bad * the resulting code "hash.digest(algorithm)" reads like hash is an object... Not ideal Luckily there are few functions in the module: Import the functions directly to avoid importing the module.
|
This is ready for review: I've tested this version with pip (it now works without patching securesystemslib) and I've read through the PR again... and decided not to modify it further (without review comments anyway). As a whole PR there is some inconsistency (that I consciously left there but could change):
All of the changes are essentially modifying the import style, the only real changes are
|
There was a problem hiding this comment.
I don't think we need to address it in this PR, but I just noticed that the style guide says that we should not import names from a module:
Use
importstatements for packages and modules only, not for individual classes or functions.
We will want to think about a follow-on PR that addresses the issues arising from this style guide requirement, or documenting why we are not adhering to this aspect of the style guide. Exceptions, formats, and hash are obvious places where this is an issue hash. Perhaps we should file an issue about this?
I noticed that several comments are still using fully-qualified names, especially noticeable where we have comments that state which Exceptions a format module function will throw. I do not thing this is a blocker for this PR, but we should figure out how to handle this. I think it is probably bad practice in general to state in the code comments which exceptions some code might raise, it feels like it would be an unnecessary maintenance burden.
I admit I had either forgotten or misunderstood the google style guide in this. I'm not totally against doing what the style guide says (it would make the PR more consistent and having less exceptions to the style guide is better) but it does feel like a hard requirement -- not having to namespace uniquely named things that are used over and over in the importing module does improve readability. Admittedly there are cases where names aren't quite unique enough and conflicts are more likely. The other case where importing a module seems counterproductive is when there's only one or two things in the module: from tuf.client import updater # import the module, not the class
updater = updater.Updater() # that's not just repetitive, it's also a name clash |
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Import only the FilesystemBackend class when needed: this is compatible with the vendoring tool.
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
The aim is to avoid potential conflict with 'process' module.
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Rename the import to make it clear this is the python module, use an import line that is compatible with vendoring tool.
Use gpg_util as local name to avoid potential conflicts with the other util module.
Importing individual errors avoids conflict with the other exceptions module in securesystemslib.
Use "from securesystemslib import <mod>" instead of "import securesystemslib.<mod>" to make securesystemslib compatible with the vendoring tool.
Importing the two functions individually seems reasonable here.
The results of the import is same, but new style is compatible with vendoring tool.
Modify the way nacl and cryptography imports are made to make them compatible with vendoring tool.
There is a circular dependency in gpg.constants -> gpg.rsa -> gpg.util -> gpg.constants This is not a problem on python3 or python2 when the imports are done with "import securesystemslib.<mod>" style. However with the "from securesystemslib import <mod>" style python2 decides this is a ImportError. Remove the circular dependency by moving the module variables from constants to another file.
jku
force-pushed
the
vendoring-compatible-imports
branch
from
ae1f611
to
25f112b
Compare
|
Applied all suggestions and rebased as none of the changes were functional, just style. Lukas, please take a look: The resolved discussion is trivial but do check the last comment for the style guide discussion. The latest test failure is a little baffling. I think it's unrelated but... have you seen this before? |
Thanks, will do!
No, I have not. And as coincidence would have it, @SolidifiedRay just notified me about a different and very likely also unrelated issue in the same process module. Let me try if this issue here "goes away" if I restart the build, so that we can merge this PR and troubleshoot the process module separately. |
Looks like it did. But we should still find the cause. |
|
This PR looks good to me. I believe the places we break the style guide are pragmatic choices to minimise the number of changes and/or the potential for problematic changes (for example, reducing the number of new symbols in a scope). |
There was a problem hiding this comment.
Thanks for tackling this tedious task, @jku! LGTM. All the decisions you made make sense in their context, even if you deviate from the style guide.
FYI, I also ran pylint with import-related checks only...
pylint --disable all \
--enable $(pylint --list-msgs | grep import | grep -Eo "[A-Z][0-9]{4}" | tr "\n" ",") \
securesystemslib... and didn't notice anything suspicious.
| @@ -79,7 +79,7 @@ | |||
| import six | |||
|
|
|||
| from securesystemslib import exceptions | |||
| import securesystemslib.schema as SCHEMA | |||
| from securesystemslib import schema as SCHEMA | |||
There was a problem hiding this comment.
I guess you kept as SCHEMA to make the commit less invasive? This might be something to note in the commit message.
There was a problem hiding this comment.
Let me know if you want to reword the commit message. Otherwise, I'll just go ahead and merge. :)
There was a problem hiding this comment.
Yes exactly. And I think I can live with that message if you can :)
This is a sister PR for theupdateframework/python-tuf#1261: it modifies all imports in securesystemlibs to be compatible with vendoring tool (see TUF PR for explanation).
Notes
securesystemslib.settingscode now refers tosettings). In some cases this individual items from the module are imported instead