Only allow the finder to use wheels as build reqs

[pradyunsg]

Fixes #4983
See also #4802 (comment)

The message isn't ideal but I think that is for a separate PR.

[benoit-pierre]

Shouldn't the message read "This version of pip does not implement PEP 518", not 516?

[pradyunsg]

The message isn't ideal but I think that is for a separate PR.

@benoit-pierre Yes.

[pfmoore]

Um, PEP 517. 516 is the rejected version of build system abstraction, 517 is the accepted build system abstraction, and 518 is pyproject.toml plus basic install requirements. On its own, PEP 518 still needs setuptools to build wheels.

[pfmoore]

Having said that, the message is not from this PR (which looks fine to me) but from somewhere else. As far as I can see, though, the message is confused - we're not trying to build a wheel without setuptools, we're simply trying to install a build-time dependency of pip-forkbomb-test. The problem is that we have a circular dependency, not that we don't have alternative build tool support.

Regardless, though, that's a cosmetic issue. I'm happy with this PR as a temporary fix for PEP 518 support to require that build dependencies have to be wheels for now. (Although travis isn't - looks like there are tests that need fixing...)

[pradyunsg]

I'll make a separate PR for improving the message.

I'll look into the test failure in ~12 hours. It's probably because something in the test harness is using an sdist build dependency.

[pradyunsg]

Additional investigation needed: can arbitrary URLs be a build-dependency and pip still installs it?

[pradyunsg]

Another idea: Disabling all of the current PEP 518 stuff with a flag, just in case there's some security hole in there?

This has the nice advantage of telling us the exact branches that need to be changed post 10.0.

[pradyunsg]

we're not trying to build a wheel without setuptools

Actually, we are. pip-forkbomb-test doesn't list setuptools in build-system.requires.

[pradyunsg]

Um, PEP 517.

Yes.

(apologies for the terse replies, I'm in the middle of something else)

[pradyunsg]

(Although travis isn't - looks like there are tests that need fixing...)

Fixed by switching to simplewheel from simple in the test.

[ghost]

Excellent work, @pradyunsg!

[pradyunsg]

When merging this PR, please use plain merge instead of squash/rebase merges since I have another branch sitting on top of this one now.

[pradyunsg]

@pypa/pip-committers Is there anything else we want to do here before we can merge?

[pfmoore]

Not that I know of

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.