Move to importlib from pkg_resources #1521

Closed
Molkree opened this issue Jan 10, 2022 · 4 comments · Fixed by #1542

@Molkree
Contributor

Molkree commented Jan 10, 2022

Setuptools docs:

Use of pkg_resources is discouraged in favor of importlib.resources, importlib.metadata, and their backports (resources, metadata).

pkg_resources is used to iterate over checkers using iter_entry_points; it can be replaced with something like this:

import sys

if sys.version_info >= (3, 10):
    from importlib import metadata as importlib_metadata
else:
    import importlib_metadata  # PyPI backport with the same selection API

# Select the group by keyword; dict-style entry_points()[group] fails on newer versions
checkers = importlib_metadata.entry_points(group="cve_bin_tool.checker")
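
An added example, not code from this issue or from cve-bin-tool: a version-independent way to list what is registered in the `cve_bin_tool.checker` group, together with the distribution that registered it, without importing any plugin code. The `example-checkers` distribution and its `examplelib` checker are constructed sample data, and `iter_group`, `make_sample_dist` and `discover_sample` are hypothetical helper names.

```python
import sys
import tempfile
from pathlib import Path

if sys.version_info >= (3, 8):
    from importlib import metadata as importlib_metadata
else:
    import importlib_metadata  # PyPI backport

GROUP = "cve_bin_tool.checker"  # entry point group named in the issue


def iter_group(group, path=None):
    """Yield (distribution name, entry point) for each entry point in `group`.

    Filtering on ep.group avoids the dict-style entry_points()[group] lookup,
    so it behaves the same on old and new importlib.metadata APIs. Only
    metadata is read; plugin code is imported only when ep.load() is called.
    """
    kwargs = {} if path is None else {"path": path}
    for dist in importlib_metadata.distributions(**kwargs):
        for ep in dist.entry_points:
            if ep.group == group:
                yield dist.metadata["Name"], ep


def make_sample_dist(root):
    """Write a constructed .dist-info directory that registers one checker."""
    info = Path(root) / "example_checkers-0.1.dist-info"
    info.mkdir()
    (info / "METADATA").write_text(
        "Metadata-Version: 2.1\nName: example-checkers\nVersion: 0.1\n"
    )
    (info / "entry_points.txt").write_text(
        "[cve_bin_tool.checker]\n"
        "examplelib = example_checkers.examplelib:ExamplelibChecker\n"
        "\n"
        "[console_scripts]\n"
        "example-tool = example_checkers.cli:main\n"
    )
    return str(root)


def discover_sample():
    """List (distribution, name, target) for checkers in the sample dist."""
    with tempfile.TemporaryDirectory() as root:
        found = iter_group(GROUP, path=[make_sample_dist(root)])
        return [(dist, ep.name, ep.value) for dist, ep in found]
```

Calling `iter_group(GROUP)` with no `path` inspects the running environment, which shows which installed packages contribute checkers before any of them is loaded.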
@terriko terriko added this to the 3.1 milestone Jan 12, 2022
@terriko
Contributor

terriko commented Jan 12, 2022

Good catch, thank you. Flagging this with the 3.1 milestone to make sure it happens before next release.

That code is a little hoary because there was some minor concern from @pdxjohnny that we'd want it to be possible to write checkers without concern for compliance with our GPLv3 license. I'm not sure if this has ever actually been an issue for anyone, since by the nature of having that option it's likely that people who didn't want to produce GPLv3 code probably never contacted us.

@XDRAGON2002
Contributor

XDRAGON2002 commented Jan 14, 2022

Currently we are using pkg_resources in 4 places:
cli.py, cve_scanner.py, version_scanner.py, test_checkers.py
Should I try to remove its usage from all these occurrences?

@terriko
Contributor

terriko commented Jan 19, 2022

Yes, we want to stop using pkg_resources entirely now in favour of an importlib based solution. Please remove it anywhere you find it.

@XDRAGON2002
Contributor

Opened PR #1542 that closes this issue.
