[Zope3-dev] More thoughts on packaging
Phillip J. Eby
pje at telecommunity.com
Fri Feb 13 17:49:55 EST 2004
At 05:18 PM 2/13/04 -0500, Jim Fulton wrote:
>Phillip J. Eby wrote:
>>At 01:30 PM 2/13/04 -0500, Jim Fulton wrote:
>>
>>>There seems to be a possible consensus emerging that we should
>>>use a packaging system. I suggest that we should use an existing
>>>system (or systems) such as RPM or the debian system and
>>>provide the ability to generate course-grained distributions
>>>from these systems for those systems (e.g. windows) that either
>>>don't have package systems or don't have package systems that
>>>we support.
>>
>>I haven't been following the packaging discussion that closely, so I may
>>be projecting the following from a different set of requirements in mind
>>than what you have. So, apologies in advance if this is completely
>>off-base from where you're heading...
>
>I'd say that you are on target.
>
>>Suppose that we put dependency metadata in package directories as an
>>extra file, and then we wrote a 'package.py' script that generates a
>>custom 'setup.py' from the metadata, based on an intended target. E.g.
>>'package.py sometarget'.
>>Advantages:
>>* Leverages distutils packaging system support, since you can build
>>Windows .exes, RPMs, source tarballs, etc.
>>* Takes advantage of any future distutils support for additional
>>packaging systems
>>* Keeps the metadata lightweight and focused on Zope-specific needs
>>* Doesn't require anyone to learn another "full" packaging system
>
>Yup.
>
>I thnink that dependencies are one central issue that is going
>to be critical if we do fine-grained packaging.
>
>>Disadvantages:
>>* Has to be written (but is relatively lightweight)
>>
>>The metadata could actually be provided in the form of a Python module
>>(e.g. '__setup__.py') that defines any extensions, datafiles, etc., as
>>well as "provides" and "requires" keys.
>
>"provides" and "requires"? I assume that "requires" expresses the
>dependencies. What is "provides" for?
That's if we say that a bundle may offer one or more "features" that other
bundles require. For example, the 'zope.interface' package might "provide"
the "feature" 'zope.interface v1.03'. Another package might specify that
it requires 'zope.interface v1.05', and thus won't work with the other
package.
It might be more useful to have make versions more explicit, instead. My
draft of the concept was borrowed from certain 'init' implementations that
do dependency resolution. A given script might say that it depends on the
'http' service, but the 'apache' script says that it "provides" 'http' and
'https'.
Anyway, feel free to simplify/discard/whatever; I just was throwing this
out as an idea of a possible general direction to take. I'm not really
particular about the details at the moment. :)
>>The 'package.py' script would write a 'setup.py' script that would look
>>something like:
>>execfile('setupstuff/prologue.py')
>>gatherSetup('src/some/pkg1/__setup__.py')
>>gatherSetup('src/other/something/__setup__.py')
>
>why 2 gather setups? Is this for a distribution package that
>includes 2 Python packages?
Or maybe 2 "bundles", where there is some mapping between bundles and
packages. I'm being somewhat vague and handwavy here. Also, Fred
suggested replacing all that with one function call and a list of
packages/bundles/directories/whatever, which certainly works too.
>># ... etc, etc.
>>execfile('setupstuff/epilogue.py')
>>Based on sorting out the dependencies. 'epilogue' would then call the
>>distutils 'setup' function with the accumulated data.
>
>How does it sort out the dependencies?
By looking at the metadata, and creating a list of all the setup metadata
snippets that would constitute a distribution with all the dependencies
satisfied.
> Does it retrieve other packages?
>Does it assume that they are around and just need to be installed?
The mental model I have in mind is that you have a "complete" source
distribution from which you are "packaging" things. So, let's say I wanted
to make a "mini-Me" Zope distro that had only what was needed to support
'zope.publisher'. I would check-out the entire Zope X3 source tree, and
run something like 'package.py zope.publisher' (?) and then run setup.py to
create source and binary distributions.
This is the aspect I thought might be off-base from where you're
headed. My presumption here was not to make it possible for an end-user to
wave a magic wand and download/install dependencies, as that seems like a
future distutils function. Instead, I was targeting the ability to *make*
distribution packages, if one had the source of the things one wanted to
package.
Of course, it *would* be pretty cool if it could download dependencies. If
package metadata files (and their dependencies) were accessed/referenced by
URLs, and there were standardized formats/methods/locations for
downloading... Hm. But then there are issues with things like the running
of untrusted code, etc. etc. I think it'd be better to require the user to
have everything needed already unpacked on the local machine, in a
known/standard directory structure. The 'package.py' program will have to
tell you about missing dependencies anyway, so you'll at least get a list
of things you need to download. Anyway, this keeps the scope of the effort
from exploding into "rewrite distutils" territory.
More information about the Zope3-dev
mailing list