-- Leo's gemini proxy

-- Connecting to warmedal.se:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini; lang=en

Python Packaging Woes


I've been trying to figure out python3 packaging, but have only had some success. As always I guess it comes down to the combination of me not having the prerequisite knowledge to understand some docs, and me wanting to do something that isn't really supported.


Right now if you want to install my package gemcall this is the command you need to run:


pip3 install git+https://notabug.org/tinyrabbit/gemcall.git#egg=gemcall

I haven't published this package on PyPI for three reasons:


There are already many gemini tools published there.

I don't feel like registering a user.

Being in a public repository like that implies some level of trustworthiness or maintenance commitment. People frequently blindly trust the security of packages, which opens a door to supply chain attacks. And old broken packages are often not removed or updated either.


And I have issues, as I said. First of all, after installing gemcall, the only way to run it is


python3 -m gemcall [OPTIONS]

It would be nice if it was installed somewhere on the user's PATH and could be executed as a standalone. I understand this can be done via entry points somehow, but I haven't really figured out how yet. For my own usage I've simply created an alias, which is a little bit of a hack in my opinion.


Another problem is that of dependencies. If I write a tool that depends on my other tools it causes problems with dependency resolution. The way I understand it is that there are two ways of resolving dependencies:


Via a setup.py file if dynamic.

Via a requirements.txt file if static.


In other words, if I have a package A which depends on a package B which depends on package C and all of them are my own and not published on PyPI, I'm pretty much out of luck. Because setyp.py can't specify versions or source of packages, and requirements.txt complicates the install process.


The pip install statement from above can't resolve the dependencies automatically. The best thing I can do is to list all dependencies for A, B, and C in a requirements.txt file in package A. Which means that the user must install with pip, and then find the directory where the package is only to run


pip3 install -r requirements.txt

I haven't found a solution that both works for me and makes it easy for the end user. Any tips are welcome.


Relevant Links


gemcall, my gemini request library and CLI tool.

Python entry points specification.


-- CC0 ew0k, 2021-09-12

-- Response ended

-- Page fetched on Fri Mar 29 05:05:54 2024