We've also considered using truncated SHA-256 hashes. Then the tag would
not be readable, but it would always be the same length.
On Thu, Aug 20, 2015 at 2:27 PM Nate Coraor <n...@bx.psu.edu> wrote:
> On Fri, Aug 14, 2015 at 3:38 AM, Nathaniel Smith <n...@pobox.com> wrote:>>> On Thu, Aug 13, 2015 at 7:27 PM, Robert Collins>> <robe...@robertcollins.net> wrote:>> > On 14 August 2015 at 14:14, Nathaniel Smith <n...@pobox.com> wrote:>> > ...>>> >> Of course if you have an alternative proposal than I'm all ears :-).>> >>> > Yeah :)>> >>> > So, I want to dedicate some time to contributing to this discussion>> > meaningfully, but I can't for the next few weeks - Jury duty, Kiwi>> > PyCon and polishing up the PEP's I'm already committed to...>>>> Totally hear that... it's not super urgent anyway. We should make it>> clear to Nate -- hi Nate! -- that there's no reason that solving this>> problem should block putting together the basic>> binary-compatibility.cfg infrastructure.>>>> Hi!>> I've been working on bits of this as I've also been working on, as a test> case, building out psycopg2 wheels for lots of different popular distros on> i386 and x86_64, UCS2 and UCS4, under Docker. As a result, it's clear that> my Linux distro tagging work in wheel's pep425tags has some issues. I've> been adding to this list of distributions but it's going to need a lot more> work:>>> https://bitbucket.org/pypa/wheel/pull-requests/54/soabi-2x-platform-os-distro-support-for/diff#Lwheel/pep425tags.pyT61>> So I need a bit of guidance here. I've arbitrarily chosen some tags -> `rhel` for example - and wonder if, like PEP 425's mapping of Python> implementations to tags, a defined mapping of Linux distributions to> shorthand tags is necessary (of course this would be difficult to keep up> to date, but binary-compatibility.cfg would make it less relevant in the> long run).>> Alternatively, I could simply trust and normalize> platform.linux_distribution(), but this means that the platform tag on> RHEL would be something like> `linux_x86_64_red_hat_enterprise_linux_server_6_5`>> Finally, by *default*, the built platform tag will include whatever> version information is provided in platform.linux_distribution(), but> the "major-only" version is also included in the list of platforms, so a> default debian tag might look like `linux_x86_64_debian_7_8`, but it would> be possible to build (and install) `linux_x86_64_debian_7`. However, it may> be the case that the default (at least for building, maybe not for> installing) ought to be the major-only tag since it should really be ABI> compatible with any minor release of that distro.>> --nate>>>>> > I think the approach of being able to ask the *platform* for things>> > needed to build-or-use known artifacts is going to enable a bunch of>> > different answers in this space. I'm much more enthusiastic about that>> > than doing anything that ends up putting PyPI in competition with the>> > distribution space.>> >>> > My criteria for success are:>> >>> > - there's *a* migration path from what we have today to what we>> > propose. Doesn't have to be good, just exist.>> >>> > - authors of scipy, numpy, cryptography etc can upload binary wheels>> > for *linux, Mac OSX and Windows 32/64 in a safe and sane way>>>> So the problem is that, IMO, "sane" here means "not building a>> separate wheel for every version of distro on distrowatch". So I can>> see two ways to do that:>> - my suggestion that we just pick a particular highly-compatible>> distro like centos 5 to build against, and make a standard list of>> which libraries can be assumed to be provided>> - the PEP-497-or-number-to-be-determined approach, in which we still>> have to pick a highly-compatible distro like centos 5 to build>> against, but each wheel has a list of which libraries from that distro>> it is counting on being provided>>>> I can see the appeal of the latter approach, since if you want to do>> the former approach right you need to be careful about exactly which>> libraries you're assuming are present, etc. They both could work. But>> in practice, you still have to pick which distro you are going to use>> to build, and you still have to say "when I say I need libblas.so.1,>> what I mean is that I need a file that is ABI-compatible with the>> version of libblas.so.1 that existed in centos 5 exactly, not any>> other libblas.so.1". And then in practice not every distro will have>> such a thing, so for a project like numpy that wants to make things>> easy for a wide variety of users, we'll still only be able to take>> advantage of external dependencies for libraries that are effectively>> universally available and compatible anyway and end up vendoring the>> rest... so in the end basically we'd be distributing exactly the same>> wheels under either of these proposals, just the latter requires a>> much much more complicated scheme for metadata and installation.>>>> And in practice I think the main alternative possibility if we don't>> come up with some solid guidance for how packages can build>> works-everywhere-wheels is that we'll see wheels for>> latest-version-of-Ubuntu-only, plus the occasional smattering of other>> distros, varying randomly on a project-by-project basis. Which would>> suck.>>>> > - we don't need to do things like uploading wheels containing>> > non-Python shared libraries, nor upload statically linked modules>> >>> >>> > In fact, I think uploading regular .so files is just a huge heartache>> > waiting to happen, so I'm almost inclined to add:>> >>> > - we don't support uploading external non-Python libraries [ without>> > prejuidice for changing our minds in the future]>>>> Windows and OS X don't (reliably) have any package manager. So PyPI>> *is* inevitably going to contain non-Python shared libraries or>> statically linked modules or something like that. (And in fact it>> already contains such things today.) I'm not sure what the alternative>> would even be.>>>> This also means that projects like numpy are already forced to accept>> that we're on the hook for security updates in our dependencies etc.,>> so doing it on Linux too is not really that scary.>>>> Oh, I just thought of another issue: an extremely important>> requirement for numpy/scipy/etc. wheels is that they be reliably>> installable without root access. People *really* care about this:>> missing your grant deadline b/c you can't upgrade some package to fix>> some showstopper bug b/c university IT support is not answering calls>> at midnight on Sunday = rather poor UX.>>>> Given that, the only situation I can see where we would ever>> distribute wheels that require system blas on Linux, is if we were>> able to do it alongside wheels that do not require system blas, and>> pip were clever enough to reliably always pick the latter except in>> cases where the system blas was actually present and working.>>>> > There was a post that referenced a numpy ABI, dunno if it was in this>> > thread - I need to drill down into that, because I don't understand>> > why thats not a regular version resolution problem,unlike the Python>> > ABI, which pip can't install [and shouldn't be able to!]>>>> The problem is that numpy is very unusual among Python packages in>> that exposes a large and widely-used *C* API/ABI:>>>> http://docs.scipy.org/doc/numpy/reference/c-api.html>>>> This means that when you build, e.g., scipy, then you get a binary>> that depends on things like the in-memory layout of numpy's internal>> objects. We'd like it to be the case that when we release a new>> version of numpy, pip could realize "hey, this new version says it has>> an incompatible ABI that will break your currently installed version>> of scipy -- I'd better fetch a new version of scipy as well, or at>> least rebuild the same version I already have". Notice that at the>> time scipy is built, it is not known which future version of numpy>> will require a rebuild. There are a lot of ways this might work on>> both the numpy and pip sides -- definitely fodder for a separate>> thread -- but that's the basic problem.>>>> -n>>>> -->> Nathaniel J. Smith -- http://vorpus.org>>> _______________________________________________> Distutils-SIG maillist - Dist...@python.org> https://mail.python.org/mailman/listinfo/distutils-sig>
Distutils-SIG maillist - Dist...@python.org