yum
upgrades for production use, this is the repository for you.
Active subscription is required.
It is quite unfortunate that there is very little stating on the web of the quite obvious thing to be aware of.
In plain text, with big loud characters, I’ll put it here for everyone to remember:
Do not ever run pip
as root
Here, I’m going to touch on why not to run pip
as root, give some examples on how it’s going to break things miserably, and what to do instead.
Let’s go.
Python and your system
Each Linux/GNU distro in unique in some wat. But their common feature is the package management system.
For Debian-based systems, that is apt
. For CentOS/RHEL, it’s yum
or dnf
, and this is what we’ll touch in our examples.
You will find that many Python modules are available through the yum
repositories as RPM packages, e.g.:
python2-requests
python2-tqdm
- etc, etc.
You can simply install them as any other packages, for example:
sudo yum install python2-requests
Python modules that are available through yum
(dnf
) often serve as a base for the core OS functions like yum
itself.
Not even that. All the packaged software that depends on Python modules in one way or the other, will depend on the system-packaged Python modules.
pip
Now, pip
is the installer/manager for Python modules available via PyPi.
But it has no idea whatsoever about your package manager.
It has no idea about RPM format either, nor about what you already have installed through the system (yum
) packages.
So when you invoke pip
as root, it will more than likely overwrite Python modules that were installed via system packages.
The result of running pip
as root, would be a dirty mix of Python modules installed via yum
package management, and pip
installed Python modules.
Example of breakage
For the illustration, I’m going to install the certbot
package. It is a program for generating free TLS certificates:
sudo yum -y install epel-release
sudo yum install certbot
sudo certbot register # works fine
Now say you have the itch to install the latest and greatest version of a Python app that is not available via yum
.
You went to its GitHub project package that wants you to install via pip
.
And so you run pip install ...
as root. Little did you know that the app required newer requests
Python module.
The installation went through just fine, fetching and installing the newest version of requests
Python library.
Which would be equivalent to (attention, do not run! example only):
sudo pip install -U requests
What now? Your great new app is working fine, but the certbot
IS BROKEN with an error message:
ImportError: ‘pyOpenSSL’ module missing required functionality. Try upgrading to v0.14 or newer.
Why that is? Because we’ve brought in newer requests
library that requires newer pyOpenSSL
.
We’ve created a mess of the machine by mixing Python modules from pip
with Python modules/apps installed via system RPM packages.
You’ll have a hard time restoring things to a working state.
This is an easy example because there is an obvious failure in running certbot
now.
But in other cases, you may not even notice the breakage, and things will just work in a weird way.
Remember. What makes the CentOS a Community Enterprise OS? It is packaging, of course!
When you install software in a way that mixes custom on top the system, you’re asking for trouble!
What to do instead
Software that is not available through the system packages (read, RPM) should either be packaged as such, or installed in a directory where it won’t tamper with the system packages function.
Python has a great concept of virtual environments. Essentially you can create a directory that holds all the Python modules for a Python app to run.
It is, however, not an easy concept for some folks. So a simple thing you can do to leverage Python virtualenvs in a user-friendly way, is to use pip-safe.
The pip-safe
will allow you to install newest Python apps without damaging your system packages.
Install pip-safe
pip-safe
itself is available via system packages, on CentOS/RHEL 7 and 8.
sudo yum install https://extras.getpagespeed.com/release-latest.rpm
sudo yum install pip-safe
Install a Python app
pip-safe install lastversion
We’ve just installed lastversion
CLI utility from PyPi. Wen can now run it simply as lastversion linux
and get the latest Linux kernel version.
How it works, behind the scenes
It installs each program into its own virtualenv at ~/.virtualenvs/<pypi-name>
, and symlinks whichever executables it has over to ~/.local/bin/<cli-name>
.
Simple and easy! Each program lives in its own virtual environment, so it can have whatever required Python module versions for it.
All without touching your system Python modules.
Install a Python app, for all users
You can also install a Python app from PyPi system-wide, by passing the --system
switch:
pip-safe --system install lastversion
How it works, behind the scenes
Similar to user install, a program is installed into a virtualenv of its own.
The only difference is that system-wide Python apps are installed to /opt/pip-safe
and their binaries are symlinked to /usr/local/bin/
.
Manage Python apps, the safe way
Of course, pip-safe
allows also listing and removing installed Python apps.
List installed Python packages/apps
pip-safe list
Remove a Python app
pip-safe remove <name>