One alternative way of managing the dependencies is to package the non-binary runtime dependencies (including licenses) with the plugin. This also tackles the problem with different versions of the same requirements between multiple plugins. There is a tool for that https://github.com/nlsfi/qgis-plugin-dev-tools which also has many more useful features for developing QGIS plugins.
One example of plugins using this tool is pickLayer (https://plugins.qgis.org/plugins/pickLayer/) which bundles https://github.com/GispoCoding/qgis_plugin_tools with it.

What do you think about this approach?

Regards,
Joona

On Wed, 23 Oct 2024 at 12:01, Info O.GIS via QGIS-Developer <qgis-developer@lists.osgeo.org> wrote:

> I also did a similar thing in qgis2web plugin.
> I explained to the user that he can install qtwebengine to get the latest
> features and to do so he will have to click on a button that indicates that
> an installation will start.
> Here is the screen:
>
>
> Could it be okay?
>
> The code:
>
> try:
>     if system == 'Windows':
>         pip_exec = os.path.join(sysconfig.get_path("scripts"), "pip3")
>         env = os.environ.copy()
>         if full_proxy_url:
>             env['http_proxy'] = full_proxy_url
>             env['https_proxy'] = full_proxy_url
>         subprocess.check_call([pip_exec, "install", "--upgrade", "PyQtWebEngine==5.15.6"], env=env)
>     elif system == 'Linux':
>         subprocess.check_call(["sudo", "apt-get", "install", "python3-pyqt5.qtwebengine"])
>     elif system == 'Darwin':  # macOS
>         subprocess.check_call(["brew", "install", "pyqt5"])
>
>
> Andrea Ordonselli
> O.GIS - opengis.it <http://opengis.it>
>
>
> From "QGIS-Developer" qgis-developer-boun...@lists.osgeo.org
> To "Matthias Kuhn" matth...@opengis.ch
> Cc "Thomas B via QGIS-Developer" qgis-developer@lists.osgeo.org
> Date Wed, 23 Oct 2024 16:16:43 +1000
> Subject Re: [QGIS-Developer] How to deal with QGIS plugins which install additional packages
>
> On Wed, 23 Oct 2024, 4:07 pm Matthias Kuhn, <matth...@opengis.ch> wrote:
>
>> On Wed, Oct 23, 2024 at 2:49 AM Nyall Dawson via QGIS-Developer <qgis-developer@lists.osgeo.org> wrote:
>>
>>> On Wed, 23 Oct 2024, 9:20 am Greg Troxel via QGIS-Developer, <qgis-developer@lists.osgeo.org> wrote:
>>>
>>>> Thomas B via QGIS-Developer <qgis-developer@lists.osgeo.org> writes:
>>>>
>>>> > Dear QGIS-Developers,
>>>> >
>>>> > Are there any guidelines from the QGIS project regarding whether a QGIS
>>>> > plugin is allowed to autonomously install required packages using PIP or
>>>> > similar tools without manual installation by the user?
>>>> >
>>>> > While this might seem convenient, I see it as a potential security risk,
>>>> > especially if the user is not explicitly informed about what is happening
>>>> > in the background.
>>>>
>>>> Agreed this is not ok. I think a plugin downloading anything to be
>>>> executed or interpreted should be entirely prohibited.
>>>
>>> +1. This practice should lead to a plugin being removed from the
>>> repositories.
>>>
>>> (Possibly we could do something on the code side too, eg by monkey
>>> patching over subprocess/etc and explicitly blocking execution of sip, with
>>> a developer-friendly exception stating this policy. It'd be easy for
>>> someone motivated to circumvent, but could at least be used to advise
>>> plugin developers that this is not acceptable practice...)
>>
>> We've tried to come up with a more transparent approach with support for
>> requirements.txt (see https://github.com/opengisch/qpip). It is using
>> pip but with a frontend which informs the user and lets him confirm an
>> eventual installation.
>> Is this approach generally acceptable?
>
> Well, I definitely trust yourself/OpenGIS significantly more than other
> random plugin developers 👍
>
> I would personally feel safest if this was something officially endorsed,
> with an explicit allow list of acceptable packages.
>
> Nyall
>
>> Matthias
>>
>>> Nyall
>>>
>>>> _______________________________________________
>>>> QGIS-Developer mailing list
>>>> QGIS-Developer@lists.osgeo.org
>>>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
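Added example, not part of the thread and not QGIS code: one way the guard suggested in the quoted discussion (patching subprocess so that installer calls raise a developer-facing exception) could look. `PluginPolicyError`, `blocked_tool`, `install_guard`, the set of blocked tools and the choice of `subprocess.Popen.__init__` as the patch point are all assumptions; as the thread says, such a guard is advisory and easy to circumvent.

```python
import functools
import os
import re
import subprocess

# Assumption: the installers to refuse are the ones that appear in the quoted code.
BLOCKED_TOOLS = {"pip", "pip3", "apt-get", "brew"}


class PluginPolicyError(RuntimeError):
    """Hypothetical exception that states the policy to the plugin developer."""


def blocked_tool(args):
    """Return the installer a command line would start, or None if it is allowed."""
    if isinstance(args, (str, bytes)):
        argv = os.fsdecode(args).split()          # shell-style command string
    elif isinstance(args, os.PathLike):
        argv = [os.fsdecode(args)]
    else:
        argv = [os.fsdecode(a) for a in args]
    # Compare bare program names: drop directories (either separator) and ".exe".
    names = [re.split(r"[\\/]", a)[-1].lower().removesuffix(".exe") for a in argv]
    if names[:1] == ["sudo"]:                     # look at the command behind sudo
        names = names[1:]
    if not names:
        return None
    if names[0] in BLOCKED_TOOLS:
        return names[0]
    if names[0].startswith("python") and names[1:3] == ["-m", "pip"]:
        return "pip"
    return None


def install_guard():
    """Wrap Popen so run(), call(), check_call() and check_output() are all covered."""
    original = subprocess.Popen.__init__
    if getattr(original, "_policy_guard", False):
        return                                    # guard already installed

    @functools.wraps(original)
    def guarded(self, args, *rest, **kwargs):
        tool = blocked_tool(args)
        if tool:
            raise PluginPolicyError(
                f"Package installation from plugin code is blocked by policy ({tool}).")
        original(self, args, *rest, **kwargs)

    guarded._policy_guard = True
    subprocess.Popen.__init__ = guarded
```

The check runs before any process is created, so a blocked call fails without touching the system.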