[QGIS-Developer] QGIS plugin depends on pypi package

Matthias Kuhn matthias at opengis.ch
Fri Jan 19 09:20:56 PST 2024 

Hi John,

A former colleague of mine developed "qpip".
This is meant as a pip dependency manager for plugins and will install any
additional dependencies from a supplied requirements.txt in a controlled
way into the user profile folder.

There has never been any big announcement done regarding this plugin, but
it's the best "pip"-like integration into QGIS which I am aware of.

https://github.com/opengisch/qpip

Kind regards
Matthias

On Fri, Jan 19, 2024 at 6:13 PM Greg Troxel via QGIS-Developer <
qgis-developer at lists.osgeo.org> wrote:

> John Lindsay via QGIS-Developer <qgis-developer at lists.osgeo.org> writes:
>
> > Besides, a better solution would be for the plugin to install this
> > package via pip when it is itself first installed and launched. I
> > tried to accomplish this with the following code:
> >
> >
> https://github.com/jblindsay/whitebox_workflows_for_qgis/blob/4e463262f6cfd1987afa2f3f7e0e79656eb8d27e/whitebox_workflows_for_qgis_provider.py#L56
> >
> > This code, which runs whenever the plugin is launched, first checks to
> > see if whitebox_workflows can be imported and if not, it runs pip from
> > the Python script to install it. Unfortunately, some users have
> > reported issues with this not working correctly:
>
> (Writing from the UNIX perspective.)
>
> Perhaps biased by my packaing background, I view any code that downloads
> other code at runtime (without an explicit user request) as a security
> bug.   This is especially true if it isn't getting sources pinned to a
> version and validated by checksum.
>
> That said, there's a lot of interesting questions about how to deal with
> dependencies of plugins.   For qgis itself, dependencies are properly
> dealt with by a packaging system and that seems ok.
>
> For plugins, I could see treating them as python modules and packaging
> them, but qgis wants to have its own package management system.
>
> qgis is usually installed, via packaging, globally (/usr or /usr/pkg, or
> similar).  The immediate question is where plugins go.  I'd expect them
> to be in the user's file area vs system, unless installing them in some
> administrator role.  The next question is, if they depend on something,
> what prefixes and install methods are expected for those things, both
> regular packages (programs and shlibs) and python modules.  Which is
> partly/mostly about what the search paths are in the plugin execution
> environment.
>
> Overall, I'd rather see plugins fail with a message and leave
> installation as a manual decision than have plugins run pip install.
> But I get it that most people probably don't see it that way.
> _______________________________________________
> QGIS-Developer mailing list
> QGIS-Developer at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20240119/9c634bc1/attachment.htm>

More information about the QGIS-Developer mailing list