In
http://lists.idyll.org/pipermail/testing-in-python/2011-October/004447.html,
Barry Warsaw kicked off a discussion on testing various packages within the
Python Package Index (PyPI). As part of this discussion, I mentioned a
technique I've been using internally for a while to write setup scripts (old
distutils/setuptools style) such that they're more robust and
introspectable.

Instead of writing the following in my scripts:

from setuptools import setup

setup(
  name = 'foo',
  install_requires = 'bar',
)

I write the following:

setup_params = dict(
  name = 'foo',
  install_requires = 'bar',
)

if __name__ == '__main__':
  from setuptools import setup
  setup(**setup_params)

While slightly more verbose, this technique has a couple of benefits. First,
it means that code traversal algorithms (such as test discovery) don't
inadvertently execute the setup script. Second, it allows the script to be
read via import or execfile without necessarily invoking the setup()
function. This allows a third-party product, such as the Cheese Taster to
open up a project and easily inspect its setup parameters. Also, you'll note
the setuptools requirement is deferred until the script is run, and isn't
necessary to construct the parameters.

Furthermore, if there is other side-effect behavior, it can be invoked from
inside the __main__ block.

I share this with the community for your feedback. Is there any reason this
technique shouldn't be adopted in general? Also, how can a third-party
product detect whether a setup script is safe in this way? I don't think it
would be possible in general, but perhaps packagers could include a
directive near the head to indicate such. Consider:

# -*- script-disposition: import-safe -*-

Or similar. Alternatively, a tool could be built to compile and statically
analyze the code to detect the presence of setup_params, though it would be
more likely to encounter false positives.

What downsides am I missing? How could this technique be improved? Would it
be difficult to take these parameters and generate package metadata
(DistributionMetadata) from it?

I look forward to any feedback you have.

Regards,

Jason R. Coombs
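
Added example, not part of the original message or of any project's code: a static check along the lines of the last alternative raised in the message. It parses a setup script with Python's ast module, without importing or executing it, recovers a literal setup_params, and flags top-level calls that sit outside the __main__ guard. The sample scripts are constructed, inspect_setup and its helpers are hypothetical names, and the check is a heuristic: only top-level call statements are flagged and only literal values are recovered.

```python
import ast

# Constructed sample scripts: the guarded pattern and the conventional one.
GUARDED = """\
setup_params = dict(
  name = 'foo',
  install_requires = 'bar',
)

if __name__ == '__main__':
  from setuptools import setup
  setup(**setup_params)
"""
UNGUARDED = "from setuptools import setup\nsetup(name='foo', install_requires='bar')\n"

GUARD = ast.dump(ast.parse("__name__ == '__main__'", mode='eval').body)

def is_main_guard(node):
    """True for an `if __name__ == '__main__':` statement."""
    return isinstance(node, ast.If) and ast.dump(node.test) == GUARD

def literal_params(value):
    """Evaluate dict(k=literal, ...) or {...} without running any code."""
    try:
        if isinstance(value, ast.Dict):
            return ast.literal_eval(value)
        if (isinstance(value, ast.Call) and isinstance(value.func, ast.Name)
                and value.func.id == 'dict' and not value.args):
            return {kw.arg: ast.literal_eval(kw.value) for kw in value.keywords}
    except (ValueError, TypeError):
        pass  # computed values or ** unpacking: not statically known
    return None

def inspect_setup(source):
    """Return (import_safe, params) from static analysis only (heuristic)."""
    params, safe = None, True
    for node in ast.parse(source).body:
        if is_main_guard(node):
            continue  # guarded body runs only when the file is run as a script
        if isinstance(node, ast.Expr) and isinstance(node.value, ast.Call):
            safe = False  # a top-level call such as setup(...) runs on import
        elif (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and node.targets[0].id == 'setup_params'):
            params = literal_params(node.value)
    return safe and params is not None, params

if __name__ == '__main__':
    print(inspect_setup(GUARDED), inspect_setup(UNGUARDED))
```

Because nothing in the inspected script is executed, the check can be run against untrusted packages; scripts it cannot classify are reported as not import-safe.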

 

 

 
