-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't depend on the system python #42
Comments
Interesting. I've never seen this before :) @duggelz FYI |
I edited the title because I may have misunderstood how My question about |
Yes, we should respect py_runtime (it's a fairly new addition). I'm not sure it's available to workspace rules, though. |
I personally prefer the rules_go way - where golang downloaded by bazel as external dependency and works without dependency to system golang. Right now I have number of issues from my team related to small differences between "python" in PATH on OSX machines and small differences between python2.7 versions. I want to see bazel as ultimate tool which allows to control which python should be used and bring it. How it looks like with rules_go
|
@excavador That would be useful (and go a long way toward solving issues like #37) |
@excavador I was able to download and compile python in a WORKSPACE rule but unable to use it via We worked around the PATH issues with some
See the Environment Variables design for more info on why the local PATH is mapped into the sandbox environment by default. @mattmoor @duggelz Are |
The primary problem with action_env - you must have some fixed global installation path of python for everybody. |
One of the examples, why this ticket is important: #45 |
I think a good intermediate step is to vendor the dependencies of piptool (pip, setuptools, etc) into this repository in extracted form, and write wrappers around piptool, etc, that do the required PYTHONPATH hacking and mangling to make it work. This doesn't fix the "my Python interpreter is bad" problem, but does fix the "my setuptools is too old", which is probably more common. Talking to the Bazel team today, it sounds like their preference is the creation of Python toolchains, which replace the more limited |
Can we also have an explicit way to specify the runtime? It is a little weird that "py_binary" never explicitly points to the runtime (I'd expect there to be an optional "runtime" attribute that points to this label). It's also weird that "py_runtime" cannot be specified in "WORKSPACE" to dictate a workspace default. |
Updates? |
I think we would need to build CPython from scratch by default then!? |
That's one option, cf. what Dropbox is doing for an example: https://github.com/dropbox/dbx_build_tools Another option that I recently tried is to download an interpreter (and required libraries) from Anaconda. |
With Anaconda I would suspect that it at least is using system libc. Did Dropbox link glibc into the binary? |
It seems that Dropbox is indeed linking glibc into the binary: https://github.com/dropbox/dbx_build_tools/blob/21d3fe06650ce07bcd3dc6acdea573ad3a477aae/build_tools/drte/tools/drte-build.sh#L475 |
I think there is an opportunity there to split this script into smaller Bazel genrules. |
FYI, |
This issue can be used for how rules_python depends on the system Python for the pip integration rules. |
FWIW I ran into this problem and saw it wasn't solved so I just recently published some rules that leverage pyenv to download, compile and register the python toolchain with whatever It's probably a little rough but feedback and PRs are welcome; I just hope what's currently there can help some folks. 😉 🍻 https://github.com/digital-plumbers-union/rules_pyenv |
Is there any way to use the python from those rules with pip_install which currently relies on there being one in your PATH? |
@keith I think the way to do it is to modify the |
There is unfortunately a quirk here, which is you cannot use a toolchain in a repository rule. |
Yes. The fundamental problem is that WORKSPACE evaluation time is when non-hermetic things like network access should happen, and this conceptually occurs before the loading and analysis phase where toolchains and configurations are resolved. You can of course manually set the Python interpreter used by |
Are there theoretical reasons why actions inside WORKSPACE phase could not be hermetic? I would imagine adding hermetic WORKSPACE actions, which wait for all non-hermetic (implicitly) actions. Probably would require to change phases to something more dynamic. |
Take a look at https://github.com/soniaai/rules_poetry As far as I can determine, it defers the fetching of dependency wheels etc until the build phase (after a small bootstrap in repo phase, which also avoids most .par files by also fetching pip itself), which means all of the tooling runs with the toolchain python and each wheel is fetched only when actually depended upon. This seems incredibly elegant, unless I’m missing something... I guess fetching data over network during build phase is frowned upon? Conceptually, could these rules work similarly? As this would remove at least some of the current points where the system python is being used. |
Ah... good point. You'd have to defer the Probably the better thing to do, if there is an interim solution, is to setup an offline mirror when loading the WORKSPACE phase and then defer an offline |
An alternative to building Python manually could be to use indygreg/python-build-standalone. This repo provides completely standalone builds of Python for common platforms and somewhat recently added Would there be interest in adding support to rules_python for it to fetch a prebuilt python from there, much like rules_nodejs pulls in node (IIRC)? I guess this'd need to be opt-in, but would be a huge step up from manually compiling python in a repo rule if you want hermetic behaviour. There's obviously the issue of trusting a 'random' repo with building a core executable, so some collaboration in understanding the build process would be beneficial. As an aside: his pyoxidizer tool (which is what the standalone python builds are for) is also a great thing to look at for the goal of single file python executables to replace |
👋 @aaliddell I think we'll actively pursue this direction, and track discussion in #293 |
As #293 has shipped, I'll close this issue 🙂 . The original comment creating this issue is the following:
and the title is "Don't depend on the system python". Now, considering the stub script shebang it's still strongly arguable that |
The native rules have
py_runtime
but it doesn't look likerules_python
respects it.The text was updated successfully, but these errors were encountered: