Pip-tools: pip-sync will happilly uninstall all packages if requirements.txt is empty

Created on 1 Aug 2018  路  9Comments  路  Source: jazzband/pip-tools

This perhaps might be argued to be a feature, since pip-sync supposed to uninstall anything that is not in requirements.txt but this is dangerous in scenarios when an earlier operation has failed and caused requirements.txt to be empty. I'm wondering whether this safety measure could be added, if someone needs the behavior, maybe they can specify --force?

Environment Versions
  1. OS Type: N/A
  2. Python version: $ python -V: N/A
  3. pip version: $ pip --version: 18.0
  4. pip-tools version: $ pip-compile --version: 2.0.2
Steps to replicate
  1. echo -n > test.txt
  2. pip-sync test.txt
  3. pip list
Expected result

Operation would fail

Actual result

All packages were uninstalled

feature request needs discussion
Source
picture takeda
👍4 👎1

Most helpful comment

Seems like pip-sync is doing the right thing to me. Always check the input to your programs before you run them.

picture georgek on 2 Jul 2019
👍2

All 9 comments

Seems like pip-sync is doing the right thing to me. Always check the input to your programs before you run them.

georgek picture georgek on 2 Jul 2019
👍2

Heh, since I wrote this PR I ended up liking this behavior and started using pip-sync /dev/null to cleanup the environment, before installing something else.

My concern when filling this PR was using pip-sync in CMS code (salt, chef, puppet etc) for the purpose of deployment in case precious step failed and produced an empty file. Maybe an option --fail-on-empty could be used as a safety measure.

takeda picture takeda on 2 Jul 2019

Why not check the previous file with another tool like wc? Unix philosophy: do one thing and do it well.

georgek picture georgek on 2 Jul 2019

I think we can ask if a user wants to continue. For example:

if file_is_empty and not click.confirm('Do you want to uninstall all packages?'):
    sys.exit(0)
atugushev picture atugushev on 15 Sep 2019

Personally I'm against training users that commands can't do something dangerous. They'll get a shock when rm -rf / doesn't ask if they are sure.

Another concern is what if I really do want to do this? We'll need another option like --yes for running it in a non-interactive environment like CI.

georgek picture georgek on 16 Sep 2019

Another concern is what if I really do want to do this? We'll need another option like --yes for running it in a non-interactive environment like CI.

That makes sense. But I don't mind honestly, for I remember how I got myself into this trap once and deleted all packages in the env.

atugushev picture atugushev on 16 Sep 2019

Uninstalling all packages is exactly what I expect and desire to happen when I pip-sync against an empty file.

AndydeCleyre picture AndydeCleyre on 19 Sep 2019
👍1

A nicer option would be to add an "opt-in" feature, ie. an --ask flag similar to how nmcli or portage (Gentoo package manager) works. Users can then use this in an alias if they wish for it to be enabled on their interactive command line but it won't affect CI or users who don't like such features.

I think --ask would simply be --dry-run, but with the option to continue with a real run.

georgek picture georgek on 27 Sep 2019
👍1

I'll close this based on the above which was implemented in #913, but please let us know if it doesn't resolve your issue. Thanks!

atugushev picture atugushev on 8 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vphilippon picture vphilippon  路  4Comments
astrojuanlu picture astrojuanlu  路  3Comments
marcelloromani picture marcelloromani  路  3Comments
blampe picture blampe  路  4Comments
sp-bot-tools picture sp-bot-tools  路  4Comments