an approach for inspectable setup scripts

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

an approach for inspectable setup scripts

Jason R. Coombs-2

In http://lists.idyll.org/pipermail/testing-in-python/2011-October/004447.html, Barry Warsaw kicked off a discussion on testing various packages within the Python Package Index (pypi). As part of this discussion, I mentioned a technique I’ve been using internally for a while to write setup scripts (old distutils/setuptools style) such that they’re more robust and introspectable.

 

Instead of writing the following in my scripts:

 

from setuptools import setup

setup(

  name = 'foo',

  install_requires = 'bar',

)

 

I write the following:

 

setup_params = dict(

  name = 'foo',

  install_requires = 'bar',

)

 

if __name__ == '__main__':

  from setuptools import setup

  setup(**setup_params)

 

While slightly more verbose, this technique has a couple of benefits. First, it means that code traversal algorithms (such as test discovery) don’t inadvertently execute the setup script. Second, it allows the script to be read via import or execfile without necessarily invoking the setup() function. This allows a third-party product, such as the Cheese Taster to open up a project and easily inspect its setup parameters. Also, you’ll note the setuptools requirement is deferred until the script is run, and isn’t necessary to construct the parameters.

 

Furthermore, if there is other side-effect behavior, it can be invoked from inside the __main__ block.

 

 

I share this with the community for your feedback. Is there any reason this technique shouldn’t be adopted in general? Also, how can a third-party product detect whether a setup script is safe in this way? I don’t think it would be possible in general, but perhaps packagers could include a directive near the head to indicate such. Consider:

 

# -*- script-disposition: import-safe -*-

 

Or similar. Alternatively, a tool could be built to compile and statically analyze the code to detect the presence of setup_params, though would be more likely to encounter false positives.

 

What downsides am I missing? How could this technique be improved? Would it be difficult to take these parameters and generate package metadata (DistributionMetadata) from it?

 

I look forward to any feedback you have.

 

Regards,

Jason R. Coombs

 

 

 


_______________________________________________
Distutils-SIG maillist  -  [hidden email]
http://mail.python.org/mailman/listinfo/distutils-sig

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: an approach for inspectable setup scripts

PJ Eby
On Thu, Oct 27, 2011 at 1:08 PM, Jason R. Coombs <[hidden email]> wrote:

How could this technique be improved?


Use this instead:

 
;-)

(It's more forward-compatible with packaging/distutils2)

_______________________________________________
Distutils-SIG maillist  -  [hidden email]
http://mail.python.org/mailman/listinfo/distutils-sig