Support the most esoteric setup.py files #3202
Labels
F: language-support
Issues specific to a particular language or ecosystem; may be paired with an L: label.
python
Dependabot pull requests that update Python code
T: feature-request
Requests for new features
While working on trying to figure out why dependabot doesn't work for synapse's
setup.py
file, I came across the pythonsetup.py
helper, which in my opinion takes a huge amount of liberties to assume howsetup.py
files look like.This helper tries to outsmart python itself by manually regex-replacing(!) contents of the file, before blindly
exec
-ing it withlocals()
andglobals()
.This can be simplified instead by using
multiprocessing
(to isolate side-effects), then run a script that replacessetuptools
'ssetup
by making it send the passed requires and extras to the parent process, and then springboarding into thesetup.py
script (after setting the right working directory).The only reason why i could see trying to outsmart python in regards to executing what in files would be to avoid malicious behaviour, that can be wrapped and isolated with containers, but that's not the case here, it's avoidance to dirty the output and such, that can be wrapped in a subprocess.
The text was updated successfully, but these errors were encountered: