Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2005453 - pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/
Summary: pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-pip
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Python Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 2006788 2006789 2006790 2006792 2006795
TreeView+ depends on / blocked
 
Reported: 2021-09-17 17:27 UTC by Miro Hrončok
Modified: 2023-02-10 16:35 UTC (History)
11 users (show)

Fixed In Version: python-pip-21.2.3-4.fc36 python-pip-21.0.1-4.fc34 python-pip-20.2.2-4.fc33 python-pip-21.2.3-3.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-06 20:37:01 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Miro Hrončok 2021-09-17 17:27:05 UTC
Apparently, we distribute pre-built .exe files with pip on all Fedora releases :(

$ repoquery --repo=rawhide -l python3-pip | grep exe$
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/w64.exe

$ repoquery --repo={fedora,updates} --latest=1 --releasever=35 -l python3-pip | grep exe$
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.10/site-packages/pip/_vendor/distlib/w64.exe

$ repoquery --repo={fedora,updates} --latest=1 --releasever=34 -l python3-pip | grep exe$
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/w64.exe

$ repoquery --repo={fedora,updates} --latest=1 --releasever=33 -l python3-pip | grep exe$
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/w64.exe




The actual python-distlib package removes those in %prep. I think we should do the same.

Comment 1 Miro Hrončok 2021-09-17 17:31:04 UTC
This also affects RHEL 9 (for Python 3.9) and RHEL 8 (for Python 2.7, 3.6, 3.8, and 3.9).

[root@fff08df4321d /]# find /usr/lib -name '*.exe'
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/w64.exe
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python3.8/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.8/site-packages/pip/_vendor/distlib/w64.exe
/usr/lib/python3.8/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.8/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/w64.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.9/site-packages/pip/_vendor/distlib/t64.exe
/usr/lib/python2.7/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python2.7/site-packages/pip/_vendor/distlib/w64.exe
/usr/lib/python2.7/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python2.7/site-packages/pip/_vendor/distlib/t64.exe

This does also affects RHEL 7 (for Python 2.7):

[root@3715e294e7ae /]# find /usr/lib -name '*.exe'
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/w32.exe
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/w64.exe
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/t32.exe
/usr/lib/python3.6/site-packages/pip/_vendor/distlib/t64.exe

Comment 3 Miro Hrončok 2021-09-17 17:50:55 UTC
> This does also affects RHEL 7 (for Python 2.7)

I've meant for Python 3.6. We don't ship pip for 2.7 there.

Comment 4 Victor Stinner 2021-09-22 13:42:00 UTC
FYI it seems like distlib/*.exe are generated from PC/launcher.c. Example: https://bitbucket.org/pypa/distlib/commits/774bc70bfb283be10f409a78d79fdfa751041b08

Comment 5 Miro Hrončok 2021-09-22 15:45:19 UTC
I wonder what are they used for and if upstream pip even needs to bundle them. If we could adapt their tooling to drop it for us :/

Comment 6 Miro Hrončok 2021-09-22 16:36:27 UTC
(In reply to Miro Hrončok from comment #5)
> I wonder what are they used for and if upstream pip even needs to bundle
> them. If we could adapt their tooling to drop it for us :/

I think they are actually used when installing wheels on Windows systems, so we need to drop them downstream.

Comment 7 Victor Stinner 2021-09-24 11:40:38 UTC
PC/launcher.c is a wrapper used as <venv>\Scripts\python.exe to launch Python using <venv>\pyvenv.cfg configuration. <venv>\Scripts\python.exe is not Python. It's a completly different program which is only responsible for locating the real python.exe and start it.

In short, yes, it is useless on Linux :-)

About the license, PC/launcher.c comes from Python, so it is under the PSF License Agreement: https://docs.python.org/dev/license.html

I don't know exactly what the .exe binaries contain, they are likely built by the MSC compiler (of the Windows SDK, or using Visual Studio).

Comment 8 Nick Coghlan 2021-09-26 01:18:28 UTC
Removing the binaries in prep is a good idea, but you could also patch out the inclusion line in setup.py:https://github.com/pypa/pip/blob/b5457dfee47dd9e9f6ec45159d9d410ba44e5ea1/setup.py#L67

Comment 9 Miro Hrončok 2021-09-26 18:17:13 UTC
I suppose that removing the binaries in prep is safer, but OTOH *also* removing that line might be needed. Thanks, Nick.

Comment 10 Charalampos Stratakis 2021-10-06 14:11:34 UTC
PR: https://src.fedoraproject.org/rpms/python-pip/pull-request/95

Comment 11 Fedora Update System 2021-10-06 20:24:44 UTC
FEDORA-2021-8def566b68 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2021-8def566b68

Comment 12 Fedora Update System 2021-10-06 20:37:01 UTC
FEDORA-2021-8def566b68 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2021-10-12 12:37:17 UTC
FEDORA-2021-eefb815329 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-eefb815329

Comment 14 Fedora Update System 2021-10-12 12:37:47 UTC
FEDORA-2021-ec57c5de64 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ec57c5de64

Comment 15 Fedora Update System 2021-10-12 12:38:21 UTC
FEDORA-2021-93e4d875e1 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-93e4d875e1

Comment 16 Fedora Update System 2021-10-12 17:11:49 UTC
FEDORA-2021-eefb815329 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-eefb815329`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-eefb815329

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 17 Fedora Update System 2021-10-12 23:44:13 UTC
FEDORA-2021-ec57c5de64 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ec57c5de64`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ec57c5de64

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 18 Fedora Update System 2021-10-13 00:32:08 UTC
FEDORA-2021-93e4d875e1 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-93e4d875e1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-93e4d875e1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 19 Fedora Update System 2021-10-20 19:22:51 UTC
FEDORA-2021-ec57c5de64 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 20 Fedora Update System 2021-10-20 19:26:23 UTC
FEDORA-2021-93e4d875e1 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 21 Fedora Update System 2021-10-29 23:03:56 UTC
FEDORA-2021-eefb815329 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 22 Fedora Update System 2023-02-10 16:35:40 UTC
FEDORA-2023-446b0b621c has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-446b0b621c


Note You need to log in before you can comment on or make changes to this bug.