Hi John, A former colleague of mine developed "qpip". This is meant as a pip dependency manager for plugins and will install any additional dependencies from a supplied requirements.txt in a controlled way into the user profile folder.
There has never been any big announcement done regarding this plugin, but it's the best "pip"-like integration into QGIS which I am aware of. https://github.com/opengisch/qpip Kind regards Matthias On Fri, Jan 19, 2024 at 6:13 PM Greg Troxel via QGIS-Developer < qgis-developer@lists.osgeo.org> wrote: > John Lindsay via QGIS-Developer <qgis-developer@lists.osgeo.org> writes: > > > Besides, a better solution would be for the plugin to install this > > package via pip when it is itself first installed and launched. I > > tried to accomplish this with the following code: > > > > > https://github.com/jblindsay/whitebox_workflows_for_qgis/blob/4e463262f6cfd1987afa2f3f7e0e79656eb8d27e/whitebox_workflows_for_qgis_provider.py#L56 > > > > This code, which runs whenever the plugin is launched, first checks to > > see if whitebox_workflows can be imported and if not, it runs pip from > > the Python script to install it. Unfortunately, some users have > > reported issues with this not working correctly: > > (Writing from the UNIX perspective.) > > Perhaps biased by my packaing background, I view any code that downloads > other code at runtime (without an explicit user request) as a security > bug. This is especially true if it isn't getting sources pinned to a > version and validated by checksum. > > That said, there's a lot of interesting questions about how to deal with > dependencies of plugins. For qgis itself, dependencies are properly > dealt with by a packaging system and that seems ok. > > For plugins, I could see treating them as python modules and packaging > them, but qgis wants to have its own package management system. > > qgis is usually installed, via packaging, globally (/usr or /usr/pkg, or > similar). The immediate question is where plugins go. I'd expect them > to be in the user's file area vs system, unless installing them in some > administrator role. The next question is, if they depend on something, > what prefixes and install methods are expected for those things, both > regular packages (programs and shlibs) and python modules. Which is > partly/mostly about what the search paths are in the plugin execution > environment. > > Overall, I'd rather see plugins fail with a message and leave > installation as a manual decision than have plugins run pip install. > But I get it that most people probably don't see it that way. > _______________________________________________ > QGIS-Developer mailing list > QGIS-Developer@lists.osgeo.org > List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer >
_______________________________________________ QGIS-Developer mailing list QGIS-Developer@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
