On Mon, Nov 25, 2019 at 04:02:13PM +1100, Ian Wienand wrote: > Hello, > > Today I force-merged [5] to avoid widespread gate breakage. Because > the change is in zuul-jobs, we have a policy of annoucing > deprecations. I've written the following but not sent it to > zuul-announce (per policy) yet, as I'm not 100% confident in the > explanation. > > I'd appreciate it if, once proof-read, someone could send it out > (modified or otherwise). > > Thanks, > Greetings!
Rather then force merge, and potential break other zuul installs. What about a new feature flag, that was still enabled but have openstack base jobs disabled? This would still allow older versions of setuptools to work I would guess? That said, ansible Zuul is not affected as we currently fork configure-mirrors for our open puproses, I'll check now that we are also not affected. > -i > > -- > > Hello, > > The recent release of setuptools 42.0.0 has broken the method used by > the configure-mirrors role to ensure easy_install (the older method of > install packages, before pip became in widespread use [1]) would only > access the PyPi mirror. > > The prior mirror setup code would set the "allow_hosts" whitelist to > the mirror host exclusively in pydistutils.cfg. This would avoid > easy_install "leaking" access outside the specified mirror. > > Change [2] in setuptools means that pip is now used to fetch packages. > Since it does not implement the constraints of the "allow_hosts" > setting, specifying this option has become an error condition. This > is reported as: > > the `allow-hosts` option is not supported 'when using pip to install > requirements > > It has been pointed out [3] that this prior code would break any > dependency_links [4] that might be specified for the package (as the > external URLs will not match the whitelist). Overall, there is no > desire to work-around this behaviour as easy_install is considered > deprecated for any current use. > > In short, this means the only solution is to remove the now > conflicting configuration from pydistutils.cfg. Due to the urgency of > this update, it has been merged with [5] before our usual 2-week > deprecation notice. > > The result of this is that older setuptools (perhaps in a virtualenv) > with jobs still using easy_install may not correctly access the > specified mirror. Assuming jobs have access to PyPi they would still > work, although without the benefits of a local mirror. If such jobs > are firewalled from usptream they may now fail. We consider the > chance of jobs using this legacy install method in this situation to > be very low. > > Please contact zuul-discuss [6] with any concerns. > > We now return you to your regularly scheduled programming :) > > [1] https://packaging.python.org/discussions/pip-vs-easy-install/ > [2] > https://github.com/pypa/setuptools/commit/d6948c636f5e657ac56911b71b7a459d326d8389 > [3] https://github.com/pypa/setuptools/issues/1916 > [4] https://python-packaging.readthedocs.io/en/latest/dependencies.html > [5] https://review.opendev.org/695821 > [6] http://lists.zuul-ci.org/cgi-bin/mailman/listinfo/zuul-discuss > > > _______________________________________________ > OpenStack-Infra mailing list > OpenStack-Infra@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra _______________________________________________ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
