Drop setuptools from critical package list

poetry/installation/pip_installer.py

@@ -5,12 +5,15 @@
 
 from clikit.api.io import IO
 
+from poetry.installation.base_installer import BaseInstaller
 from poetry.repositories.pool import Pool
+from poetry.utils._compat import Path
 from poetry.utils._compat import encode
 from poetry.utils.env import Env
+from poetry.utils.env import EnvManager
+from poetry.utils.env import VirtualEnv
 from poetry.utils.helpers import safe_rmtree
-
-from .base_installer import BaseInstaller
+from poetry.utils.helpers import temporary_directory
 
 
 try:
@@ -189,7 +192,7 @@ def install_directory(self, package):
         else:
             req = os.path.realpath(package.source_url)
 
-        args = ["install", "--no-deps", "-U"]
+        args = ["install", "--no-deps", "-U", "--root", str(self._env.path)]
 
         pyproject = TomlFile(os.path.join(req, "pyproject.toml"))
 
@@ -243,7 +246,11 @@ def install_directory(self, package):
 
         args.append(req)
 
-        return self.run(*args)
+        with temporary_directory() as tmp_dir:
+            venv_dir = Path(tmp_dir) / ".venv"
+            EnvManager.build_venv(venv_dir.as_posix(), with_pip=True)
+            venv = VirtualEnv(venv_dir, venv_dir)
+            return venv.run("pip", *args)
 
     def install_git(self, package):
         from poetry.core.packages import Package

poetry/puzzle/provider.py

@@ -52,7 +52,7 @@ def _formatter_elapsed(self):
 
 class Provider:
 
-    UNSAFE_PACKAGES = {"setuptools"}
+    UNSAFE_PACKAGES = set()
 
     def __init__(
         self, package, pool, io, env=None

poetry/utils/env.py

@@ -693,8 +693,7 @@ def build_venv(
         ]
 
         if not with_pip:
-            # we cannot drop setuptools yet because we do editable installs (git, path) in project envs
-            opts.extend(["--no-pip", "--no-wheel"])
+            opts.extend(["--no-pip", "--no-wheel", "--no-setuptools"])
 
         opts.append(str(path))
 

pyproject.toml

@@ -71,6 +71,10 @@ pre-commit = { version = "^2.6", python = "^3.6.1" }
 tox = "^3.0"
 pytest-sugar = "^0.9.2"
 httpretty = "^0.9.6"
+deepdiff = [
+    {version = "3.3.0", python = "~2.7"},
+    {version = "^5.0.2", python = "^3.5"}
+]
 
 [tool.poetry.scripts]
 poetry = "poetry.console:main"

tests/installation/fixtures/with-pypi-repository.test

@@ -66,6 +66,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
 py = ">=1.5.0"
 six = ">=1.10.0"
 attrs = ">=17.4.0"
+setuptools = "*"
 more-itertools = ">=4.0.0"
 pluggy = ">=0.5,<0.7"
 funcsigs = {"version" = "*", "markers" = "python_version < \"3.0\""}
@@ -79,6 +80,18 @@ category = "dev"
 optional = false
 python-versions = "*"
 
+[[package]]
+name = "setuptools"
+version = "39.2.0"
+description = "Easily download, build, install, upgrade, and uninstall Python packages"
+category = "dev"
+optional = false
+python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*"
+
+[package.extras]
+certs = ["certifi (2016.9.26)"]
+ssl = ["wincertstore (0.2)"]
+
 [metadata]
 python-versions = "*"
 lock-version = "1.1"
@@ -113,6 +126,10 @@ pytest = [
     {file = "pytest-3.5.0-py2.py3-none-any.whl", hash = "sha256:6266f87ab64692112e5477eba395cfedda53b1933ccd29478e671e73b420c19c"},
     {file = "pytest-3.5.0.tar.gz", hash = "sha256:fae491d1874f199537fd5872b5e1f0e74a009b979df9d53d1553fd03da1703e1"},
 ]
+setuptools = [
+    {file = "setuptools-39.2.0-py2.py3-none-any.whl", hash = "sha256:8fca9275c89964f13da985c3656cb00ba029d7f3916b37990927ffdf264e7926"},
+    {file = "setuptools-39.2.0.zip", hash = "sha256:f7cddbb5f5c640311eb00eab6e849f7701fa70bf6a183fc8a2c33dd1d1672fb2"},
+]
 six = [
     {file = "six-1.11.0-py2.py3-none-any.whl", hash = "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"},
     {file = "six-1.11.0.tar.gz", hash = "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9"},

tests/installation/test_installer.py

@@ -7,6 +7,7 @@
 
 from clikit.io import NullIO
 
+from deepdiff import DeepDiff
 from poetry.core.packages import ProjectPackage
 from poetry.factory import Factory
 from poetry.installation import Installer as BaseInstaller
@@ -382,7 +383,7 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
     installed.add_package(package_b)
     installed.add_package(package_c)
     installed.add_package(package_pip)
-    installed.add_package(package_setuptools)  # Always required and never removed.
+    installed.add_package(package_setuptools)
     installed.add_package(package)  # Root package never removed.
 
     package.add_dependency(Factory.create_dependency("A", "~1.0"))
@@ -392,8 +393,10 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
 
     assert 0 == installer.executor.installations_count
     assert 0 == installer.executor.updates_count
-    assert 3 == installer.executor.removals_count
-    assert {"b", "c", "pip"} == set(r.name for r in installer.executor.removals)
+    assert 4 == installer.executor.removals_count
+    assert {"b", "c", "pip", "setuptools"} == set(
+        r.name for r in installer.executor.removals
+    )
 
 
 def test_run_whitelist_add(installer, locker, repo, package):
@@ -780,7 +783,7 @@ def test_installer_with_pypi_repository(package, locker, installed, config):
 
     expected = fixture("with-pypi-repository")
 
-    assert locker.written_data == expected
+    assert not DeepDiff(locker.written_data, expected, ignore_order=True)
 
 
 def test_run_installs_with_local_file(installer, locker, repo, package):
@@ -1561,7 +1564,7 @@ def test_installer_required_extras_should_not_be_removed_when_updating_single_de
     installer.whitelist(["pytest"])
     installer.run()
 
-    assert (6 if not PY2 else 7) == installer.executor.installations_count
+    assert (7 if not PY2 else 8) == installer.executor.installations_count
     assert 0 == installer.executor.updates_count
     assert 0 == installer.executor.removals_count
 

tests/installation/test_installer_old.py

@@ -6,6 +6,7 @@
 
 from clikit.io import NullIO
 
+from deepdiff import DeepDiff
 from poetry.core.packages import ProjectPackage
 from poetry.factory import Factory
 from poetry.installation import Installer as BaseInstaller
@@ -342,7 +343,7 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
     installed.add_package(package_b)
     installed.add_package(package_c)
     installed.add_package(package_pip)
-    installed.add_package(package_setuptools)  # Always required and never removed.
+    installed.add_package(package_setuptools)
     installed.add_package(package)  # Root package never removed.
 
     package.add_dependency(Factory.create_dependency("A", "~1.0"))
@@ -357,7 +358,7 @@ def test_run_install_remove_untracked(installer, locker, repo, package, installe
     assert len(updates) == 0
 
     removals = installer.installer.removals
-    assert set(r.name for r in removals) == {"b", "c", "pip"}
+    assert set(r.name for r in removals) == {"b", "c", "pip", "setuptools"}
 
 
 def test_run_whitelist_add(installer, locker, repo, package):
@@ -750,7 +751,7 @@ def test_installer_with_pypi_repository(package, locker, installed, config):
 
     expected = fixture("with-pypi-repository")
 
-    assert locker.written_data == expected
+    assert not DeepDiff(locker.written_data, expected, ignore_order=True)
 
 
 def test_run_installs_with_local_file(installer, locker, repo, package):
@@ -1519,7 +1520,7 @@ def test_installer_required_extras_should_not_be_removed_when_updating_single_de
     installer.whitelist(["pytest"])
     installer.run()
 
-    assert len(installer.installer.installs) == 6 if not PY2 else 7
+    assert len(installer.installer.installs) == 7 if not PY2 else 8
     assert len(installer.installer.updates) == 0
     assert len(installer.installer.removals) == 0
 

tests/puzzle/test_solver.py

@@ -2188,6 +2188,7 @@ def test_solver_remove_untracked_single(package, pool, installed, locked, io):
     check_solver_result(ops, [{"job": "remove", "package": package_a}])
 
 
+@pytest.mark.skip(reason="Poetry no longer has critical package requirements")
 def test_solver_remove_untracked_keeps_critical_package(
     package, pool, installed, locked, io
 ):