
@colindean
Created February 25, 2022 22:31

The source for https://install.python-poetry.org is not in https://github.com/python-poetry/poetry

TL;DR There are two different versions of install-poetry.py out there. Make sure you're using the right one!

The recommended path to install Poetry is this:

curl -sSL https://install.python-poetry.org | python3 -

It's rational to avoid direct-from-curl execution like this, lest someone compromise install.python-poetry.org. It's equally rational to retrieve the installation script directly from GitHub instead, as long as the version on GitHub is the same as what's available at that URL.

https://install.python-poetry.org is published by https://github.com/python-poetry/install.python-poetry.org, not by https://github.com/python-poetry/poetry. Both repositories have an install-poetry.py, but the two files are not the same!

python-poetry/install.python-poetry.org@f0d4b98a has fixes not yet available as of python-poetry/poetry@16cb29cb.

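⚠️ If you're going to pull from GitHub instead of from https://install.python-poetry.org for security reasons, then please make sure you pull from the correct source repository. Pinning the raw URL to a commit you have reviewed, rather than to a branch, keeps the script from changing between the time you read it and the time you run it.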

Attachment: output of

diff -u \
  <(curl https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py) \
  <(curl https://install.python-poetry.org/) \
> poetry@16cb29c-vs-install.python-poetry.org@f0d4b98.patch

run while those commit hashes were the newest at their respective sources.

--- /dev/fd/63 2022-02-25 17:10:16.000000000 -0500
+++ /dev/fd/62 2022-02-25 17:10:16.000000000 -0500
@@ -22,6 +22,7 @@
import site
import subprocess
import sys
+import sysconfig
import tempfile
from contextlib import closing
@@ -36,6 +37,7 @@
SHELL = os.getenv("SHELL", "")
WINDOWS = sys.platform.startswith("win") or (sys.platform == "cli" and os.name == "nt")
+MINGW = sysconfig.get_platform().startswith("mingw")
MACOS = sys.platform == "darwin"
FOREGROUND_COLORS = {
@@ -96,8 +98,8 @@
if WINDOWS:
return (
os.getenv("ANSICON") is not None
- or os.getenv("ConEmuANSI") == "ON"
- or os.getenv("Term") == "xterm"
+ or "ON" == os.getenv("ConEmuANSI")
+ or "xterm" == os.getenv("Term")
)
if not hasattr(sys.stdout, "fileno"):
@@ -158,7 +160,7 @@
user_base = site.getuserbase()
- if WINDOWS:
+ if WINDOWS and not MINGW:
bin_dir = os.path.join(user_base, "Scripts")
else:
bin_dir = os.path.join(user_base, "bin")
@@ -273,16 +275,22 @@
class VirtualEnvironment:
def __init__(self, path: Path) -> None:
self._path = path
- # str is required for compatibility with subprocess run on CPython <= 3.7 on
- # Windows
+ self._bin_path = self._path.joinpath(
+ "Scripts" if WINDOWS and not MINGW else "bin"
+ )
+ # str is required for compatibility with subprocess run on CPython <= 3.7 on Windows
self._python = str(
- self._path.joinpath("Scripts/python.exe" if WINDOWS else "bin/python")
+ self._path.joinpath(self._bin_path, "python.exe" if WINDOWS else "python")
)
@property
def path(self):
return self._path
+ @property
+ def bin_path(self):
+ return self._bin_path
+
@classmethod
def make(cls, target: Path) -> "VirtualEnvironment":
try:
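Review bot: The new `self._python` line joins `self._path` with `self._bin_path`, which already starts with `self._path`, so the prefix is applied twice. pathlib discards the earlier parts when a joined argument is absolute, so this works for an absolute environment path, but a relative `path` would resolve to a doubled directory; whether callers always pass an absolute path is not visible in this hunk. `self._python = str(self._bin_path.joinpath("python.exe" if WINDOWS else "python"))` expresses the same thing without that dependency. The new `bin_path` property would also benefit from a `-> Path` annotation and a one-line docstring such as `"""Directory holding the environment's executables (Scripts or bin)."""`. The `make` classmethod continues past the end of the hunk.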
@@ -314,8 +322,7 @@
env = cls(target)
- # we do this here to ensure that outdated system default pip does not trigger
- # older bugs
+ # we do this here to ensure that outdated system default pip does not trigger older bugs
env.pip("install", "--disable-pip-version-check", "--upgrade", "pip")
return env
@@ -470,7 +477,10 @@
elif self._path:
version = self._path
else:
- version, current_version = self.get_version()
+ try:
+ version, current_version = self.get_version()
+ except ValueError:
+ return 1
if version is None:
return 0
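Review bot: The `except ValueError: return 1` added here catches every ValueError that escapes `get_version()`, not only the "Version ... does not exist" case introduced by `raise ValueError(msg)` in the later `@@ -755,11 +759,10 @@` hunk. If `get_version()` also parses release metadata, a decoding error that subclasses ValueError would presumably end the run with exit code 1 and no message, which makes a truncated or unexpected metadata response hard to tell apart from a mistyped version. A dedicated exception class for the missing-version case (a new name defined in this file, raised there and caught here as `except VersionNotFoundError:`) would keep the silent exit limited to the one path that has already printed its error. The enclosing method starts and ends outside the hunk.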
@@ -482,8 +492,7 @@
mx = self.VERSION_REGEX.match(x)
if mx is None:
- # the version is not semver, perhaps scm or file, we assume upgrade is
- # supported
+ # the version is not semver, perhaps scm or file, we assume upgrade is supported
return True
vx = tuple(int(p) for p in mx.groups()[:3]) + (mx.group(5),)
@@ -493,9 +502,8 @@
self._write(
colorize(
"warning",
- f"You are installing {version}. When using the current installer,"
- " this version does not support updating using the 'self update'"
- " command. Please use 1.1.7 or later.",
+ f"You are installing {version}. When using the current installer, this version does not support "
+ f"updating using the 'self update' command. Please use 1.1.7 or later.",
)
)
if not self._accept_all:
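Review bot: The second literal of the reflowed warning keeps an `f` prefix although it has no placeholders, which pyflakes reports as F541 and which turns any brace added to the text later into an interpolation. Dropping the prefix gives `"updating using the 'self update' command. Please use 1.1.7 or later.",` with the first literal unchanged. The surrounding method starts and ends outside the hunk.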
@@ -606,12 +614,8 @@
self._install_comment(version, "Creating script")
self._bin_dir.mkdir(parents=True, exist_ok=True)
- script = "poetry"
- script_bin = "bin"
- if WINDOWS:
- script = "poetry.exe"
- script_bin = "Scripts"
- target_script = env.path.joinpath(script_bin, script)
+ script = "poetry.exe" if WINDOWS else "poetry"
+ target_script = env.bin_path.joinpath(script)
if self._bin_dir.joinpath(script).exists():
self._bin_dir.joinpath(script).unlink()
@@ -755,11 +759,10 @@
)
if self._version and self._version not in releases:
- self._write(
- colorize("error", "Version {} does not exist.".format(self._version))
- )
+ msg = "Version {} does not exist.".format(self._version)
+ self._write(colorize("error", msg))
- return None, None
+ raise ValueError(msg)
version = self._version
if not version:
@@ -887,22 +890,11 @@
text=True,
)
installer._write(colorize("error", f"See {path} for error logs."))
- text = (
- f"{e.log}\n"
- f"Traceback:\n\n{''.join(traceback.format_tb(e.__traceback__))}"
- )
+ text = f"{e.log}\nTraceback:\n\n{''.join(traceback.format_tb(e.__traceback__))}"
Path(path).write_text(text)
return e.return_code
if __name__ == "__main__":
- sys.stdout.write(
- colorize(
- "warning",
- "The canonical source for Poetry's installation script is now"
- " https://install.python-poetry.org. Please update your usage to reflect"
- " this.\n",
- )
- )
sys.exit(main())