Drop setuptools from critical package list

9a68da31 · Arun Babu Neelicattu · f739381e · 9a68da31 · 9a68da31 · 9a68da31
Commit 9a68da31 authored Aug 18, 2020 by Arun Babu Neelicattu
9 changed files
--- a/poetry.lock
+++ b/poetry.lock
--- a/poetry/installation/pip_installer.py
+++ b/poetry/installation/pip_installer.py
@@ -2,6 +2,7 @@ import os
 import tempfile
 import urllib.parse

+from pathlib import Path
 from subprocess import CalledProcessError
 from typing import TYPE_CHECKING
 from typing import Any
@@ -9,14 +10,15 @@ from typing import Union

 from cleo.io.io import IO

+from poetry.installation.base_installer import BaseInstaller
 from poetry.core.pyproject.toml import PyProjectTOML
 from poetry.repositories.pool import Pool
 from poetry.utils._compat import encode
 from poetry.utils.env import Env
+from poetry.utils.env import EnvManager
+from poetry.utils.env import VirtualEnv
 from poetry.utils.helpers import safe_rmtree
-
-from .base_installer import BaseInstaller
-
+from poetry.utils.helpers import temporary_directory

 if TYPE_CHECKING:
    from poetry.core.packages.package import Package
@@ -193,7 +195,7 @@ class PipInstaller(BaseInstaller):
        else:
            req = os.path.realpath(package.source_url)

-        args = ["install", "--no-deps", "-U"]
+        args = ["install", "--no-deps", "-U", "--root", str(self._env.path)]

        pyproject = PyProjectTOML(os.path.join(req, "pyproject.toml"))

@@ -239,7 +241,11 @@ class PipInstaller(BaseInstaller):

        args.append(req)

-        return self.run(*args)
+        with temporary_directory() as tmp_dir:
+            venv_dir = Path(tmp_dir) / ".venv"
+            EnvManager.build_venv(venv_dir.as_posix(), with_pip=True)
+            venv = VirtualEnv(venv_dir, venv_dir)
+            return venv.run("pip", *args)

    def install_git(self, package: "Package") -> None:
        from poetry.core.packages.package import Package

--- a/poetry/puzzle/provider.py
+++ b/poetry/puzzle/provider.py
@@ -54,7 +54,7 @@ class Indicator(ProgressIndicator):

 class Provider:

-    UNSAFE_PACKAGES = {"setuptools"}
+    UNSAFE_PACKAGES = set()

    def __init__(
        self, package: Package, pool: Pool, io: Any, env: Optional[Env] = None

--- a/poetry/utils/env.py
+++ b/poetry/utils/env.py
@@ -826,8 +826,7 @@ class EnvManager(object):
        ]

        if not with_pip:
-            # we cannot drop setuptools yet because we do editable installs (git, path) in project envs
-            args.extend(["--no-pip", "--no-wheel"])
+            args.extend(["--no-pip", "--no-wheel", "--no-setuptools"])

        for flag, value in flags.items():
            if value is True:

--- a/pyproject.toml
+++ b/pyproject.toml
@@ -53,6 +53,7 @@ tox = "^3.0"
 pytest-sugar = "^0.9.2"
 httpretty = "^1.0"
 zipp = { version = "^3.4", python = "<3.8"}
+deepdiff = "^5.0.2"
 # temporary workaround for https://github.com/python-poetry/poetry/issues/3404
 urllib3 = "1.25.10"


--- a/tests/installation/fixtures/with-pypi-repository.test
+++ b/tests/installation/fixtures/with-pypi-repository.test
@@ -66,6 +66,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
 py = ">=1.5.0"
 six = ">=1.10.0"
 attrs = ">=17.4.0"
+setuptools = "*"
 more-itertools = ">=4.0.0"
 pluggy = ">=0.5,<0.7"
 funcsigs = {"version" = "*", "markers" = "python_version < \"3.0\""}
@@ -79,6 +80,18 @@ category = "dev"
 optional = false
 python-versions = "*"

+[[package]]
+name = "setuptools"
+version = "39.2.0"
+description = "Easily download, build, install, upgrade, and uninstall Python packages"
+category = "dev"
+optional = false
+python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*"
+
+[package.extras]
+certs = ["certifi (==2016.9.26)"]
+ssl = ["wincertstore (==0.2)"]
+
 [metadata]
 python-versions = "*"
 lock-version = "1.1"
@@ -113,6 +126,10 @@ pytest = [
    {file = "pytest-3.5.0-py2.py3-none-any.whl", hash = "sha256:6266f87ab64692112e5477eba395cfedda53b1933ccd29478e671e73b420c19c"},
    {file = "pytest-3.5.0.tar.gz", hash = "sha256:fae491d1874f199537fd5872b5e1f0e74a009b979df9d53d1553fd03da1703e1"},
 ]
+setuptools = [
+    {file = "setuptools-39.2.0-py2.py3-none-any.whl", hash = "sha256:8fca9275c89964f13da985c3656cb00ba029d7f3916b37990927ffdf264e7926"},
+    {file = "setuptools-39.2.0.zip", hash = "sha256:f7cddbb5f5c640311eb00eab6e849f7701fa70bf6a183fc8a2c33dd1d1672fb2"},
+]
 six = [
    {file = "six-1.11.0-py2.py3-none-any.whl", hash = "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"},
    {file = "six-1.11.0.tar.gz", hash = "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9"},

--- a/tests/installation/test_installer.py
+++ b/tests/installation/test_installer.py
@@ -13,6 +13,7 @@ from cleo.io.null_io import NullIO
 from cleo.io.outputs.buffered_output import BufferedOutput
 from cleo.io.outputs.output import Verbosity

+from deepdiff import DeepDiff
 from poetry.core.packages.project_package import ProjectPackage
 from poetry.core.toml.file import TOMLFile
 from poetry.factory import Factory
@@ -404,7 +405,7 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
    installed.add_package(package_b)
    installed.add_package(package_c)
    installed.add_package(package_pip)
-    installed.add_package(package_setuptools)  # Always required and never removed.
+    installed.add_package(package_setuptools)
    installed.add_package(package)  # Root package never removed.

    package.add_dependency(Factory.create_dependency("A", "~1.0"))
@@ -414,8 +415,10 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe

    assert 0 == installer.executor.installations_count
    assert 0 == installer.executor.updates_count
-    assert 3 == installer.executor.removals_count
-    assert {"b", "c", "pip"} == set(r.name for r in installer.executor.removals)
+    assert 4 == installer.executor.removals_count
+    assert {"b", "c", "pip", "setuptools"} == set(
+        r.name for r in installer.executor.removals
+    )


 def test_run_whitelist_add(installer, locker, repo, package):
@@ -831,7 +834,7 @@ def test_installer_with_pypi_repository(package, locker, installed, config):

    expected = fixture("with-pypi-repository")

-    assert locker.written_data == expected
+    assert not DeepDiff(locker.written_data, expected, ignore_order=True)


 def test_run_installs_with_local_file(installer, locker, repo, package, fixture_dir):
@@ -1612,7 +1615,7 @@ def test_installer_required_extras_should_not_be_removed_when_updating_single_de
    installer.whitelist(["pytest"])
    installer.run()

-    assert 6 == installer.executor.installations_count
+    assert 7 == installer.executor.installations_count
    assert 0 == installer.executor.updates_count
    assert 0 == installer.executor.removals_count


--- a/tests/installation/test_installer_old.py
+++ b/tests/installation/test_installer_old.py
@@ -8,6 +8,7 @@ import pytest

 from cleo.io.null_io import NullIO

+from deepdiff import DeepDiff
 from poetry.core.packages.project_package import ProjectPackage
 from poetry.core.toml.file import TOMLFile
 from poetry.factory import Factory
@@ -330,7 +331,7 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
    installed.add_package(package_b)
    installed.add_package(package_c)
    installed.add_package(package_pip)
-    installed.add_package(package_setuptools)  # Always required and never removed.
+    installed.add_package(package_setuptools)
    installed.add_package(package)  # Root package never removed.

    package.add_dependency(Factory.create_dependency("A", "~1.0"))
@@ -345,7 +346,7 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
    assert len(updates) == 0

    removals = installer.installer.removals
-    assert set(r.name for r in removals) == {"b", "c", "pip"}
+    assert set(r.name for r in removals) == {"b", "c", "pip", "setuptools"}


 def test_run_whitelist_add(installer, locker, repo, package):
@@ -738,7 +739,7 @@ def test_installer_with_pypi_repository(package, locker, installed, config):

    expected = fixture("with-pypi-repository")

-    assert locker.written_data == expected
+    assert not DeepDiff(locker.written_data, expected, ignore_order=True)


 def test_run_installs_with_local_file(installer, locker, repo, package, fixture_dir):
@@ -1509,7 +1510,7 @@ def test_installer_required_extras_should_not_be_removed_when_updating_single_de
    installer.whitelist(["pytest"])
    installer.run()

-    assert len(installer.installer.installs) == 6
+    assert len(installer.installer.installs) == 7
    assert len(installer.installer.updates) == 0
    assert len(installer.installer.removals) == 0


--- a/tests/puzzle/test_solver.py
+++ b/tests/puzzle/test_solver.py
@@ -2403,6 +2403,7 @@ def test_solver_remove_untracked_single(package, pool, installed, locked, io):
    check_solver_result(ops, [{"job": "remove", "package": package_a}])


+@pytest.mark.skip(reason="Poetry no longer has critical package requirements")
 def test_solver_remove_untracked_keeps_critical_package(
    package, pool, installed, locked, io
 ):