1. Forum
  2. Fidonet
  3. COMP.LANG.PYTHON

  • Best Practice Virtual Environment

    From Ulrich Goebel@3:633/280.2 to All on Sun Oct 6 07:27:33 2024
    Hi,

    I learned to use virtual environments where ever possible, and I learned to pip install the required packages there.

    That works quite nice at home. Now I come to deploy a Python script on a debian linux server, making it usable for a couple of users there.

    Debian (or even Python3 itself) doesn't allow to pip install required packages system wide, so I have to use virtual environments even there. But is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    Best regards
    Ulrich

    --
    Ulrich Goebel <ml@fam-goebel.de>

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From Cameron Simpson@3:633/280.2 to All on Sun Oct 6 08:59:56 2024
    On 05Oct2024 22:27, Ulrich Goebel <ml@fam-goebel.de> wrote:
    Debian (or even Python3 itself) doesn't allow to pip install required >packages system wide,

    This is gnerally a good thing. You might modify a critical system-used package.

    But is it right, that I have to do that for every single user?

    No. Just make a shared virtualenv, eg in /usr/local or /opt somewhere.
    Have the script commence with:

    #!/path/to/the/shred/venv/bin/python

    and make it readable and executable.

    Problem solved.

    Cheers,
    Cameron Simpson <cs@cskk.id.au>

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From Thomas Passin@3:633/280.2 to All on Sun Oct 6 08:31:34 2024
    On 10/5/2024 4:27 PM, Ulrich Goebel via Python-list wrote:
    Hi,

    I learned to use virtual environments where ever possible, and I learned to pip install the required packages there.

    That works quite nice at home. Now I come to deploy a Python script on a debian linux server, making it usable for a couple of users there.

    Debian (or even Python3 itself) doesn't allow to pip install required packages system wide, so I have to use virtual environments even there. But is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    One alternative is to install a different version of Python without
    replacing the system's version. For example, if the system uses Python
    3.11, install Python 3.12. That way there is no risk of breaking system operation, and you can install what you like where you like.

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From Karsten Hilbert@3:633/280.2 to All on Sun Oct 6 09:21:09 2024
    Am Sat, Oct 05, 2024 at 10:27:33PM +0200 schrieb Ulrich Goebel via Python-= list:

    Debian (or even Python3 itself) doesn't allow to pip install required pa=
    ckages system wide, so I have to use virtual environments even there. But =
    is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    AFAICT the factual consensus appears to be

    install modules as packaged by the system

    you won't need anything else

    If you do find how to cleanly install non-packaged modules
    in a system-wide way (even if that means installing every
    application into its own *system-wide* venv) - do let me
    know.

    Karsten
    =2D-
    GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From Ulrich Goebel@3:633/280.2 to All on Sun Oct 6 07:27:33 2024
    Hi,

    I learned to use virtual environments where ever possible, and I learned to pip install the required packages there.

    That works quite nice at home. Now I come to deploy a Python script on a debian linux server, making it usable for a couple of users there.

    Debian (or even Python3 itself) doesn't allow to pip install required packages system wide, so I have to use virtual environments even there. But is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    Best regards
    Ulrich

    --
    Ulrich Goebel <ml@fam-goebel.de>

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From Karsten Hilbert@3:633/280.2 to All on Mon Oct 7 00:44:02 2024
    Am Sun, Oct 06, 2024 at 12:21:09AM +0200 schrieb Karsten Hilbert via Pytho= n-list:

    Am Sat, Oct 05, 2024 at 10:27:33PM +0200 schrieb Ulrich Goebel via Pytho=
    n-list:

    Debian (or even Python3 itself) doesn't allow to pip install required =
    packages system wide, so I have to use virtual environments even there. Bu=
    t is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    If you do find how to cleanly install non-packaged modules
    in a system-wide way (even if that means installing every
    application into its own *system-wide* venv) - do let me
    know.

    It seems dh-virtualenv is one way to do it. On Debian.

    Karsten
    =2D-
    GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From transreductionist@3:633/280.2 to All on Mon Oct 7 04:30:24 2024
    This is how we handle this problem at a large organization.

    In the repository there are a number of build scripts. For convenience we
    use poetry (poetry.toml) to manage the virtual environment. A
    pyproduct.toml is used to define dependencies, how tests are run, the
    linter config, etc.

    So there are scripts for poetry lock, poetry install, and whatever else is needed.

    A user pulls down the repository and runs
    1. poetry lock
    2. poetry install
    And they have their environment with the proper dependencies.

    On Sun, Oct 6, 2024, 09:47 Karsten Hilbert via Python-list < python-list@python.org> wrote:

    Am Sun, Oct 06, 2024 at 12:21:09AM +0200 schrieb Karsten Hilbert via Python-list:

    Am Sat, Oct 05, 2024 at 10:27:33PM +0200 schrieb Ulrich Goebel via
    Python-list:

    Debian (or even Python3 itself) doesn't allow to pip install required
    packages system wide, so I have to use virtual environments even there. But is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    If you do find how to cleanly install non-packaged modules
    in a system-wide way (even if that means installing every
    application into its own *system-wide* venv) - do let me
    know.

    It seems dh-virtualenv is one way to do it. On Debian.

    Karsten
    --
    GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B
    --
    https://mail.python.org/mailman/listinfo/python-list


    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From transreductionist@3:633/280.2 to All on Mon Oct 7 04:31:09 2024
    byproduct.toml

    On Sun, Oct 6, 2024, 13:30 transreductionist <transreductionist@gmail.com> wrote:

    This is how we handle this problem at a large organization.

    In the repository there are a number of build scripts. For convenience we
    use poetry (poetry.toml) to manage the virtual environment. A
    pyproduct.toml is used to define dependencies, how tests are run, the
    linter config, etc.

    So there are scripts for poetry lock, poetry install, and whatever else is needed.

    A user pulls down the repository and runs
    1. poetry lock
    2. poetry install
    And they have their environment with the proper dependencies.

    On Sun, Oct 6, 2024, 09:47 Karsten Hilbert via Python-list < python-list@python.org> wrote:

    Am Sun, Oct 06, 2024 at 12:21:09AM +0200 schrieb Karsten Hilbert via
    Python-list:

    Am Sat, Oct 05, 2024 at 10:27:33PM +0200 schrieb Ulrich Goebel via
    Python-list:

    Debian (or even Python3 itself) doesn't allow to pip install required
    packages system wide, so I have to use virtual environments even there. But >> is it right, that I have to do that for every single user?

    Can someone give me a hint to find an howto for that?

    If you do find how to cleanly install non-packaged modules
    in a system-wide way (even if that means installing every
    application into its own *system-wide* venv) - do let me
    know.

    It seems dh-virtualenv is one way to do it. On Debian.

    Karsten
    --
    GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B
    --
    https://mail.python.org/mailman/listinfo/python-list



    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)
  • From Left Right@3:633/280.2 to All on Sun Oct 6 22:42:18 2024
    Hi. The advice here is from a perspective of someone who does this professionally, for large, highly loaded systems. This doesn't
    necessarily apply to your case / not to the full extent.

    Debian (or even Python3 itself) doesn't allow to pip install required packages system wide, so I have to use virtual environments even there. But is it right, that I have to do that for every single user?

    1. Yes, you can install packages system-wide with pip, but you don't need to.

    2. pip is OK to install requirements once, to figure out what they are
    (in dev. environment). It's bad for production environment: it's
    slow, inconsistent, and insecure. For more context: pip dependency
    resolution is especially slow when installing local interdependent
    packages. Sometimes it can take up to a minute per package.
    Inconsistency comes from pip not using package checksums and
    signatures (by default): so, if the package being installed was
    updated w/o version update, to pip it's going to be the same package.
    Not just that, for some packages pip has to resort to building them
    from source, in which case nobody can guarantee the end result.
    Insecurity comes from Python allowing out-of-index package downloads
    during install. You can distribute your package through PyPI, while
    its dependency will point to a random Web site in a country with very permissive laws (and, essentially, just put malware on your computer).
    It's impossible to properly audit such situations because the outside
    Web site doesn't have to provide any security guarantees.


    To package anything Linux-related, use the packaging mechanism
    provided by the flavor of Linux you are using. In the case of Debian,
    use DEB. Don't use virtual environments for this (it's possible to
    roll the entire virtual environment into a DEB package, but that's a
    bad idea). The reason to do this is so that your package plays nice
    with other Python packages available as DEB packages. This will allow
    your users to use a consistent interface when dealing with installing
    packages, and to avoid situation when an out-of-bound tool installed
    something in the same path where dpkg will try to install the same
    files, but coming from a legitimate package. If you package the whole
    virtual environment, you might run into problems with locating native
    libraries linked from Python native modules. You will make it hard to
    audit the installation, especially when it comes to certificates, TLS
    etc. stuff that, preferably, should be handled in a centralized way by
    the OS.

    Of course, countless times I've seen developers do the exact opposite
    of what I'm suggesting here. Also, the big actors in the industry s.a. Microsoft and Amazon do the exact opposite of what I suggest. I have
    no problem acknowledging this and still maintaining that they are
    wrong and I'm right :) But, you don't have to trust me!

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)