ort icon indicating copy to clipboard operation
ort copied to clipboard

Published 20 hours ago verified publisher icon oss-review-toolkit

`python-inspector` cannot analyze `s5cmd` package due to `IOException: error=2, No such file or directory`

Open bennati opened this issue 1 year ago • 7 comments

When scanning the repository https://github.com/peak/s5cmd/tree/v2.2.2

The analyzer throws the error: ERROR org.ossreviewtoolkit.plugins.packagemanagers.python.Pip - Unable to determine dependencies for definition file '/builds/oss/oss-review-toolkit/ort-gitlab-ci/project/vendor/github.com/urfave/cli/v2/mkdocs-requirements.txt': IOException: Cannot run program "python-inspector" (in directory "/builds/oss/oss-review-toolkit/ort-gitlab-ci/project/vendor/github.com/urfave/cli/v2"): error=2, No such file or directory Caused by: IOException: error=2, No such file or directory

Tested with ORT 27.0.0, 29.1.0, 32.1.0

bennati avatar Oct 08 '24 08:10 bennati

Are you using the Docker image? Could be related to the notes mentioned here, so please try with ORT 33.1.0.

sschuberth avatar Oct 08 '24 09:10 sschuberth

It's not related: I see the same issue also with 27.0.0

bennati avatar Oct 08 '24 12:10 bennati

It's not related: I see the same issue also with 27.0.0

That should be irrelevant. Only ORT 33.1.0 and above contain the fix to pin the setuptools version. I.e. the issue might be caused by a new version of a requirement of python-inspector, not by some change in an ORT version.

sschuberth avatar Oct 08 '24 12:10 sschuberth

I tested with version 6bb98df and the error is still there. P.s. we build the docker image ourselves

bennati avatar Oct 23 '24 08:10 bennati

While I can't reproduce this locally, I can when using the Docker image. Anyway, I guess it's not python-inspector itself that cannot be found, but some dependency of it. I currently don't have time to investigate this further.

sschuberth avatar Oct 23 '24 17:10 sschuberth

Anyway, I guess it's not python-inspector itself than cannot be found, but some dependency of it.

Guessing further, I believe the "thing" that cannot be found is something that gets called from the s5cmd project's setup.py script as we run python-inspector by default with --analyze-setup-py-insecurely. So a work-around could be to disable this via the respective package manager option.

Could you please give that a try, @bennati?

sschuberth avatar Nov 26 '24 10:11 sschuberth

I tried adding the following to the global config, but the error persists

  analyzer:
    packageManagers:
      Pip:
        options:
          analyzeSetupPyInsecurely: false

bennati avatar Nov 28 '24 10:11 bennati

@bennati, does the issue persist with ORT 71.5.0?

sschuberth avatar Nov 20 '25 13:11 sschuberth