[ckan-discuss] installation from source changed in git master

Uwe Geuder 2hsfka7m5g at snkmail.com
Thu Jun 28 13:40:47 BST 2012


I wonder whether some dependency changes recently made, especially
downgrades, were really intended.

We have a script that installs CKAN from source on CentOS 6. We are
currently in an internal development phase, so we just install from git
master and we re-install from scratch frequently.

Today I noticed that installation has changed:

commit db7481921ba37e7b044ea59360d90cc934149b74
Author: Sean Hammond <seanhammond at lavabit.com>
Date:   Sat Jun 23 11:11:02 2012 +0200

    Update and simplify install instructions

That's all fine, the change was easy to make in our script:

 diff --git a/rpms/kata-ckan-dev/src/02getpythonpackages.sh b/rpms/kata-ckan-dev/src/02getpythonpackages.sh
index 5470438..976f013 100644
--- a/rpms/kata-ckan-dev/src/02getpythonpackages.sh
+++ b/rpms/kata-ckan-dev/src/02getpythonpackages.sh
@@ -9,9 +9,7 @@ fi
 cd $instloc
 source pyenv/bin/activate
-pip install --ignore-installed -e git+https://github.com/okfn/ckan.git#egg=ckan
-pip install --ignore-installed -r pyenv/src/ckan/requires/lucid_missing.txt -r pyenv/src/ckan/requires/lucid_conflict.txt
-pip install webob==1.0.8
-pip install --ignore-installed -r pyenv/src/ckan/requires/lucid_present.txt
+pip install -e git+https://github.com/okfn/ckan.git#egg=ckan
+pip install -r pyenv/src/ckan/pip-requirements.txt
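
Review bot: the two added `pip install` lines drop both `--ignore-installed` and the explicit `webob==1.0.8` pin, while the checkout URL `git+https://github.com/okfn/ckan.git#egg=ckan` still names no revision. The installed set therefore depends on whatever `pip-requirements.txt` contains at the moment of the run, plus anything already present in `pyenv`. For builds that must be repeatable, pin the checkout to a commit (`...ckan.git@<commit>#egg=ckan`), and confirm that the new requirements file pins webob before relying on it.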

This works all fine.

After the installation the script runs a "pip freeze" and compares to a
previously known result. That's where I started wondering:

(The following diff goes from old to new)

< MarkupSafe==0.15
> MarkupSafe==0.9.2

Looks like quite a big downgrade. And without looking at the code I
could at least guess that MarkupSafe could be even
security-relevant. Was that really the intention?

< PasteScript==1.7.3
> PasteScript==1.7.5
> PyUtilib==4.0.2848
< Routes==1.11
> Routes==1.12

2 upgrades and one new dependency. Have not checked where the new one is

< WebHelpers==1.3
> WebHelpers==1.2

Another downgrade.

< -e git+https://github.com/okfn/ckan.git@f573a3a8d70f269c659f44282f798c6db08d9ece#egg=ckan-dev
> -e git+https://github.com/okfn/ckan.git@fcc52c04adc14276e99e66cb5adb63674f8d3fbe#egg=ckan-dev
< -e hg+http://hg.saddi.com/flup@301a58656bfbce7b77d538112b6348f67ce1162a#egg=flup-dev

My old list is already 2 weeks or more old, the flup removal has appeared
before the installation change. OK.

< -e svn+https://software.sandia.gov/svn/public/pyutilib/pyutilib.component.core/trunk@1886#egg=pyutilib.component.core-4.1-py2.6-dev_r1886
> pyutilib.R==3.1
> pyutilib.autotest==2.0
> pyutilib.common==3.0.7
> pyutilib.component.app==3.2
> pyutilib.component.config==3.4
> pyutilib.component.core==4.5.3
> pyutilib.component.doc==1.0.1
> pyutilib.component.executables==3.5
> pyutilib.component.loader==3.4
> pyutilib.dev==2.0
> pyutilib.enum==1.1
> pyutilib.excel==3.1.1
> pyutilib.math==3.3
> pyutilib.misc==5.3.1
> pyutilib.ply==3.0.7
> pyutilib.pyro==3.5.2
> pyutilib.services==3.4
> pyutilib.subprocess==3.5.2
> pyutilib.svn==1.3.1
> pyutilib.th==5.3
> pyutilib.virtualenv==3.0
> pyutilib.workflow==3.2

That's again one I do not understand. Do we really need that many new
dependencies? I shortly looked into the previously used svn and it did
not seem to contain all that stuff.

< simplejson==2.5.2
> simplejson==2.6.0


> unittest2==0.5.1

Do we need this for a "normal" installation? I understand there is an
extra list pip-requirements-test.txt.

> virtualenv==1.7.2

Weird that this was not listed earlier. Should be OK, though.


Uwe Geuder
Nomovok Ltd.
Tampere, Finland
uwe.gxuder at nomovok.com (bot check: humans correct 1 obvious spelling error)
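
The "pip freeze" comparison described in the message, as an added example that is not part of the original post or of CKAN: it classifies each difference between two freeze outputs and separates downgrades from upgrades. The function names are hypothetical, the sample data is an excerpt of the versions quoted above, and the version comparison is a simplified numeric one that assumes dotted numeric versions.

```python
import re

# Constructed sample: excerpts of the two "pip freeze" outputs quoted in the message.
OLD_FREEZE = """MarkupSafe==0.15
Routes==1.11
WebHelpers==1.3
-e hg+http://hg.saddi.com/flup@301a58656bfbce7b77d538112b6348f67ce1162a#egg=flup-dev
"""
NEW_FREEZE = """MarkupSafe==0.9.2
PyUtilib==4.0.2848
Routes==1.12
WebHelpers==1.2
unittest2==0.5.1
"""

def parse_freeze(text):
    """Map lower-cased name -> version, or 'vcs:<rev>' for editable (-e) lines."""
    pkgs = {}
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"-e\s+\S+?@([^#]+)#egg=(\S+)", line)
        if m:
            pkgs[m.group(2).lower()] = "vcs:" + m.group(1)
        elif "==" in line and not line.startswith("#"):
            name, version = line.split("==", 1)
            pkgs[name.lower()] = version
    return pkgs

def version_key(v):
    """Numeric per-component key: 0.15 ranks above 0.9.2 (a string compare says otherwise)."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))

def classify(old_text, new_text):
    """Bucket every difference; downgrades are the entries to review first."""
    old, new = parse_freeze(old_text), parse_freeze(new_text)
    report = {k: [] for k in ("downgraded", "upgraded", "added", "removed", "changed")}
    for name in sorted(set(old) | set(new)):
        o, n = old.get(name), new.get(name)
        if o == n:
            continue
        if o is None or n is None:
            bucket = "added" if o is None else "removed"
        elif o.startswith("vcs:") or n.startswith("vcs:"):
            bucket = "changed"  # VCS revisions have no ordering; report without ranking
        else:
            ko, kn = version_key(o), version_key(n)
            bucket = "downgraded" if kn < ko else "upgraded" if kn > ko else "changed"
        report[bucket].append((name, o, n))
    return report
```

A script that exits non-zero whenever `classify(...)["downgraded"]` is non-empty turns the comparison into a gate instead of something noticed by eye.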
