Okay… so just to circle back to my original question/resolution… I won’t miss anything listed (pre-update) via python 3.9 pip freeze --user > pip_list_user.txt so I can feel good about $ rm -rdv /home/<userid>/.local/lib/python3.9?
And although it’s odd one file was left in /usr/lib/python3.9… I can remedy that with $ sudo rm -rdv /urs/lib/python3.9?
that’s a really positive attitude i switched to testing branch 2 days ago so i had got this update but came to know about this pip stuff just know (missed the testing announcement earlier). i have no aur package that uses python. the system python packages were automatically upgraded and i manually upgraded the ones installed via pip. important thing is nothing is broken (yet)
I thought I’d share what I’ve written down about my understanding of the whole python update/readiness process… but as I wasn’t able to figure out how to upload an ODT/PDF, maybe a screenshot would be appreciated.
Thats not really what that line says. Its closer to saying ‘do this but with caution’.
Thing is … there is no real case for doing that … it only produces false results and then 'sudo pip install’s everything on that list - which would be bad for any pip package on any day, but even worse now that you would be attempting to overwrite repo packages as well. sudo pipmay make sense only in the case that someone properly set up a virtual environment.
But that wasnt mentioned anywhere in those instructions so I have to conclude it was simply written out of a fundamental misunderstanding.
Ultimately those notes should not have been added in that form at all.
As for “the next line”, I should have said “the next few lines”.
Depends when/where it was copied from my original version;
I did strengthen the “don’t do it” message later on, IIRC.
I wrote it in the 2021-12-28 testing announcement, and expected problems to be picked up there.
Was working it out for myself, as I thought I might have installed some in system python by mistake.
Later in the process I found that pip freeze picks up packages that pip did not install, as you can read here
Years ago I followed the advice on pip.pypa.io and many other places, simply “pip install package”, which must be intended for Windows users, as it fails in Linux with a permission error. When it failed I simply used sudo, didn’t know it was dangerous. And last week I was forgetting that there had been malware on PyPI.
I’m glad you were chiming in on the test branches @j77h. I’ve been watching all the branch discussions so I’d have a good sense of what was coming down the pike for Stable… and I started paying extra attention once the [Unstable Update] 2021-12-13 - Python 3.10 Rebuilds post was made because I had a feeling a significant change like that deserved more attention and forethought than just clicking “Apply” in the pamac GUI’s upgrade tab.
I only noticed because of this post (and then retroactively changed the testing posts back through early december) … I dont usually pay attention to release/update announcements, especially on Stable or Testing … and on Unstable we dont have the ‘common problems/fixes’ wiki thing.
Off topic, and only view the image if there is a good sense of humour and understanding that it’s meant to bring a smile in times of seemingly thankless efforts.
At my old job, I started getting sick of the proverbial “attaboy’s” that managers seemed to think we lived off of… so I started bringing some reality and humour to it by sharing the following image with my colleagues after we’d solve a tough problem… even in some cases where what we’d accomplished wasn’t really noticed by management.
Still baffles me that people use these features … especially for sensitive things.
Its sorta funny when a friend can easily log into your email account because you left your machine on … its worse when it is easy to dupe users … its even worse when it can be accomplished by a drive-by (simply visit a page that somehow has malicious code injected) without extra protections … which are of course the same users that store things that way, dont configure security, and wont notice a problem until its too late.
But we should be fair here - when it comes to installing packages … especially 3rd party ones … the user should consider what it is they are installing…
(If you cant decipher the install/application or trust the source … the only safe thing is dont install)
More or less what I learned with AUR packages… at least look at the PKGBUILD file to try get a sense of what it’s doing before installing. For example, if it looks like it’s going somewhere weird/unexpected to download some files, that’s a sign to abort.
Even more baffling is that “responsible” corporations offer them.
Have never allowed a browser to save anything for me, out of sheer precaution,
and didn’t know until now how easily they could have been stolen.
(I use KeePassXC with a strong password; hope it’s safe enough.)
Those exploits don’t need root access,
so even ‘pip install --user’ must be used with great care.
Note: If you find it useful to install python components via pip, it’s best to keep them in “user-space” (Home directory) by installing them via $ pip install --user <component> … this will keep the core python install happier/cleaner, and make it easier to keep track of what you’ve personally installed.
When Python gets a major update… like python 3.9 (old) => 3.10 (new)… there’s a few things to do:
run $ pip freeze --user > pip_list_user.txt to get a list of all “user” installed python components for the current (pre-upgrade) python (which should be similar to looking inside /home/<userid>/.local/lib/python3.9) (old)
Sometimes installing one component will install dependencies as well… to see these dependencies it can be useful to run $ pip show <component>. This could also help to shorten the “re-install” list inside pip_list_user.txt if the inter-dependencies are known.
running $ pacman -Qoq /usr/lib/python3.9 (old) will list many existing “system” (and AUR) packages that pacman|pamac (the upgrade) “should” re-install for the upgraded python version (i.e. python 3.9 => 3.10)
Option 1: If you want what’s in the pip_list_user.txt (old python 3.9) file to be installed under the new python 3.10, there are a few choices:
Reinstall them manually via $ pip install --user <component> (paying attention to dependencies to re-install with the least steps)
Look for an AUR/repo controlled component (removes reliance on pip)
Option 2: If you don’t want what’s in the pip_list_user.txt (old python 3.9) file to be installed under the new python 3.10, simply perform to the next “remove” step
Either path/option chosen above, you’ll also want to make sure to clear out the old 3.9 “user-space” via $ rm -rdv /home/<userid>/.local/lib/python3.9 (old)
running $ pacman -Qoq /usr/lib/python3.9 (old) should be empty… if it’s not, you may need to run the following command to update them (i.e. rebuilding AUR packages)…$ pamac build $(pacman -Qoq /usr/lib/python3.9) --no-confirm
It’s a good idea to check /user/lib/python3.9 (old) to make sure it was completely removed. Had it once where one “pycache” file prevented a directory tree from being removed… solved via $ sudo rm -rdv /usr/lib/python3.9 (old)