An example using alpine (it seems some packages sporadically include the dist-info folders): There is some more recent info here https://peps.python.org/pep-0627/
/ # apk add py3-pip (1/6) Installing py3-six (1.16.0-r3) (2/6) Installing py3-retrying (1.3.3-r3) (3/6) Installing py3-parsing (3.0.9-r0) (4/6) Installing py3-packaging (21.3-r2) (5/6) Installing py3-setuptools (65.6.0-r0) (6/6) Installing py3-pip (22.3.1-r1) Executing busybox-1.35.0-r29.trigger OK: 82 MiB in 34 packages / # pip install pyparsing==3.0.9 Requirement already satisfied: pyparsing==3.0.9 in /usr/lib/python3.10/site-packages (3.0.9) In the above example, pip refuses to double-install pyparsing only because of the dist-info file, however lots of directly pip installed packages produce egg-info folders instead as a I guess those are installed from source by pip. Debian could produce dist-info folders for those instead. Just thinking out-loud Ian On Sun, 12 Feb 2023 at 08:18, Ian Norton <inor...@gmail.com> wrote: > > https://packaging.python.org/en/latest/specifications/recording-installed-packages/ > defines the python spec where a package such as pyparsing would create > a tree of files under: > site-packages/pyparsing-3.0.9-dist-info/ including RECORD which is > essentially a sha256-based manifest of files and some others. > > On Sun, 12 Feb 2023 at 08:12, Ian Norton <inor...@gmail.com> wrote: > > > > You've made me wonder if it would be feasible to have a debian-centric > > tool that populates .dist-info from debs? > > > > On Sun, 12 Feb 2023 at 08:05, Ian Norton <inor...@gmail.com> wrote: > > > > > > I requested this kind of thing from the pip folks as > > > https://github.com/pypa/pip/issues/11644 and others have requested > > > similar, such as https://github.com/pypa/pip/issues/11607 > > > > > > On Sun, 12 Feb 2023 at 04:56, Philippe Cerfon <philc...@gmail.com> wrote: > > > > > > > > Hey. > > > > > > > > I hope this is not too off topic. > > > > > > > > As far as I understand, dh-python, when building packages somehow > > > > automatically uses the Debian package names and even prevents e.g. > > > > setuptools from downloading any dependencies by setting a (hopefully > > > > not running) proxy. > > > > > > > > > > > > I wondered whether it's possible to make tools like pip and setuptools > > > > directly use the Debian python packages when resolving dependencies. > > > > > > > > The main motivation are security constraints, so I had to configure > > > > pip so that it cannot just download packages from PyPI (which is > > > > rather easy, simply setting no-index in pip.conf). > > > > > > > > But then of course it also fails to e.g. do an editable install of a > > > > locally developed package, when it tries to resolve the dependencies. > > > > > > > > So I wondered whether it's possible to prevent pip from downloading > > > > any remote stuff, while still resolving dependencies (respectively > > > > consider them as being resolved) *if* the package is locally installed > > > > from the Debian archive? > > > > (If a dependency isn't installed from a package it may of course fail.) > > > > > > > > > > > > Thanks, > > > > Philippe. > > > > > > > > PS: Please keep me CCed. > > > >
