Community
OpenEnergyMonitor

OpenEnergyMonitor Community

WARNING: pip is being invoked by an old script wrapper

I note this WARNING has started to appear when running updates @TrystanLea @glyn.hudson.

Reading the Issue directed to (https://github.com/pypa/pip/issues/5599) I think this is caused by Item 2 -

Never use sudo with pip . This follows on from the first point. If you think you need to use sudo, you’re probably trying to modify a distribution-owned file. See point 1.

Which I have been saying for several years.

I’m not sure if it will solve it, but first step I suggest is to remove the sudo from all instances where pip3 is invoked with in the OEM/emoncms repositories and ensure pip3 is called on all update scripts so any missing packages will be installed.

My 2p FWIW. Perl has an excellent system for managing system and user installations and vendor versus site installations that has worked well for many years. Given that shining example, it’s a pity the python world has managed to get itself into such a mess over such topics :cry:

1 Like

I just happened to stumble across this whilst reading up on the current raspOS position on Python2/3, pip2/3 before embarking on another Python project. It relates directly to my comments earlier in another thread (Problem installing the python-kasa package for use with TP-Link HS110)

So the RPF are recommending the use of sudo with pip(3) and I guess that is for the reasons I give in the other thread, to install the packages system-wide, in the same way the distro package manager does.

1 Like

Have you a link to that screenshot page?

Sorry I could have sworn I had posted one. Here it is

1 Like

The link is https://github.com/raspberrypi/documentation/linux/software/python.md

I just raised an issue on it pointing out it contradicts the advice that Brian noticed.

As pointed out in the other thread this is right can of worms and the use of sudo is desirable to get the pip installed packages to align with the distro installed python packages. The “purists” advice in that discussion is good if you have also done all the other recommendations and are running everything under your own user and in a virtual env.

I hope that page is not changed, unless a better way of managing the packages is rolled out first. The simple way to avoid using sudo pip is don’t install any python packages that cannot be installed via the OS package manager. Just not using sudo will cause many more issues than the relatively low chance of malicious code being run as root, TBH, even if the package was installed under a non-root user, most scripts (on here) tend to be run by root or as pi with sudo. So the malicious code could still get in and be run as root.

Again I point out I’m not saying it’s right, but it’s definitely the lesser evil and a necessary evil IMO.

PS that link doesn’t work (“not found”), either you meant https://github.com/raspberrypi/documentation/blob/master/linux/software/python.md, https://github.com/raspberrypi/documentation/issues/1752 or maybe https://www.raspberrypi.org/documentation/linux/software/python.md as per my last post?