1. Tarek Ziadé
  2. distribute
  3. Issues
Issue #229 new

console_script can't be named like package name plus '.py'

Danny Navarro
created an issue

When one of the console scripts is named like the package plus the '.py' extension, running the script will raise this error (package name: epu, script name: epu.py):

Traceback (most recent call last): File "/home/danny/sandbox/virtualenvs/test/bin/epu.py", line 8, in <module> load_entry_point('epu==0.1dev', 'console_scripts', 'epu.py')() File "build/bdist.linux-x86_64/egg/pkg_resources.py", line 337, in load_entry_point File "build/bdist.linux-x86_64/egg/pkg_resources.py", line 2280, in load_entry_point ImportError: Entry point ('console_scripts', 'epu.py') not found

After this script is installed, it also breaks any other console script installed in the distribution.

I'm using distribute 0.6.19 and python 2.7.2

I don't know if this is an issue or a feature but a more informative error will be very helpful.

Comments (5)

  1. Jason R. Coombs

    The problem appears to occur only on Unix. Windows environments are not affected (because scripts are installed as executables and -script is appended for any .py files generated).

    I've created the attached sample package which reproduces the problem. Distribute is doing the right thing in terms of generating the correct scripts, but it seems that when the script itself attempts to import the package by name, it finds itself first (and not the package). Furthermore, it's not just the script itself that will no longer find the package name, but any other installed console script.

    As a result, this is a serious issue, because a script vendor could take advantage of this shortcoming to prevent importing of other modules. For example, if one were to create a console_script with the following definition:

        'zope.py = foo.bar.baz'
    

    It would prevent any zope package console script from loading an entry point in the zope package. Based on this possible attack vector, I suggest we disallow the use of .py for console scripts.

    I believe the alternative is to update the console script bootstrap loader to remove the empty string from the path before loading the entry point.

    Danny, what is the use case for adding .py to the entry-point script? What would be the impact if '.py' suffixed script names were disallowed?

  2. Anonymous
  3. Log in to comment