dissect icon indicating copy to clipboard operation
dissect copied to clipboard
verified publisher icon fox-it

Add update tool

Open JSCU-CNI opened this issue 1 year ago • 6 comments

This PR adds an update utility to the dissect meta package and fixes #70. The goal is to provide users with one simple method of updating the dissect suite, no matter the installation method. The updater relies on the pyproject.toml dependencies definition.

We are open for better solutions. This script has worked well for us for some time, but perhaps we can find a better way to create a unified update solution.

JSCU-CNI avatar Sep 09 '24 14:09 JSCU-CNI

Thank you! Looks like a very interesting and useful solution. I'm going to try it myself!

cecinestpasunepipe avatar Sep 10 '24 07:09 cecinestpasunepipe

Thanks @cecinestpasunepipe, please let me know what you think. I've added some more features in 2e09e83 and 6faacb7. Output should now show version changes and we now support editable git install updates too.

JSCU-CNI avatar Sep 10 '24 09:09 JSCU-CNI

If you don't mind me asking, what does this solve that a

pip install --upgrade dissect

won't do?

pyrco avatar Sep 12 '24 11:09 pyrco

If you don't mind me asking, what does this solve that a pip install --upgrade dissect won't do?

That's a valid question, thanks for asking @pyrco. This is primarily helpful for installations with either:

  1. editable installs of (some or all) dissect git repositories
  2. modified or non-strict pyproject.toml dissect dependencies

If you have installed dissect using a "regular" pip install dissect, and you want to update to the latest non-pre release of dissect, this tool will still work for you, but you could indeed also use pip install -U dissect directly.

Unfortunately running pip install -U dissect will not cut it if you depend on for example dev versions of packages. If the defined version(s) in the pyproject.toml dependencies dict are broad (e.g. foo>1.0.0.dev,<2.0.0.dev) and pip has a local cache, pip will not even look in the remote registry for a newer version. Iterating over every dependency fixes that. This seems to be intended pip behaviour unfortunately.

We have had some hard to identify issues in the past due to some dependencies being out-of-date and some being up-to-date due to the described pip dependency resolving. This helper utility aims to remove these struggles once and for all by providing a unified known-good updating method, no matter the installation method (git+editable, pypi) or dependency definition (regular or modified) that was used.

JSCU-CNI avatar Sep 12 '24 12:09 JSCU-CNI

Hi @JSCU-CNI , please open an issue and attache this PR so we can schedule a review into our sprints.

EinatFox avatar Oct 02 '24 09:10 EinatFox

Hi @JSCU-CNI, can you address the review comments or otherwise say if this PR is still necessary for you?

Schamper avatar Sep 23 '25 07:09 Schamper