I'm pretty sure that most if not all debian packages already ship the required information for pip to see them as installed, and if they are installed and they satisfy the dependency constraints that pip has for those projects, then they'll be used.
The question of having pip automatically install a debian package instead of using PyPI basically comes down to a few problems:
- pip doesn't know how to invoke apt (and yum, and Conda, and everything else).
- how do we translate "foo" on PyPI to the equivalent package in Debian (and Fedora, and Conda, etc)
- how do we handle virtual environments?
Nobody has ever come up with a particularly good answer to those problems, so pip upstream hasn't been able to even consider doing something like that.
Of course Debian could patch it's copy of pip to do that, that would make some of those questions easier, but not all of them, and would drastically diverge it's behavior from the "expected" behavior, which makes it a rough idea in general for Debian to diverge that drastically.
On 2/12/2023 3:18:55 AM, Ian Norton <inorton@gmail.com> wrote:
https://packaging.python.org/en/latest/specifications/recording-installed-packages/
defines the python spec where a package such as pyparsing would create
a tree of files under:
site-packages/pyparsing-3.0.9-dist-info/ including RECORD which is
essentially a sha256-based manifest of files and some others.
On Sun, 12 Feb 2023 at 08:12, Ian Norton
wrote:
>
> You've made me wonder if it would be feasible to have a debian-centric
> tool that populates .dist-info from debs?
>
> On Sun, 12 Feb 2023 at 08:05, Ian Norton wrote:
> >
> > I requested this kind of thing from the pip folks as
> > https://github.com/pypa/pip/issues/11644 and others have requested
> > similar, such as https://github.com/pypa/pip/issues/11607
> >
> > On Sun, 12 Feb 2023 at 04:56, Philippe Cerfon wrote:
> > >
> > > Hey.
> > >
> > > I hope this is not too off topic.
> > >
> > > As far as I understand, dh-python, when building packages somehow
> > > automatically uses the Debian package names and even prevents e.g.
> > > setuptools from downloading any dependencies by setting a (hopefully
> > > not running) proxy.
> > >
> > >
> > > I wondered whether it's possible to make tools like pip and setuptools
> > > directly use the Debian python packages when resolving dependencies.
> > >
> > > The main motivation are security constraints, so I had to configure
> > > pip so that it cannot just download packages from PyPI (which is
> > > rather easy, simply setting no-index in pip.conf).
> > >
> > > But then of course it also fails to e.g. do an editable install of a
> > > locally developed package, when it tries to resolve the dependencies.
> > >
> > > So I wondered whether it's possible to prevent pip from downloading
> > > any remote stuff, while still resolving dependencies (respectively
> > > consider them as being resolved) *if* the package is locally installed
> > > from the Debian archive?
> > > (If a dependency isn't installed from a package it may of course fail.)
> > >
> > >
> > > Thanks,
> > > Philippe.
> > >
> > > PS: Please keep me CCed.
> > >