Critical: Autoupdate installs Python 3.9 too early killing all critical python packages

Maxim_Godzi · December 18, 2020, 6:05pm

I need to highlight this issue. The os update tonight had just destroyed my python environment, as most of python libs essential for my work are not yet compatible with python 3.9, requiring python 3.7.

More info here:

I don’t have any option to rollback as I see it was removed as an option (see discussion “rollback-update/40” ) and can’t downgrade python either (see discussion topic “is-it-possible-to-downgrade-single-packages/3115”)

Due to these errors, I am forced to stop being a loyal Clear Linux user and switch back to Ubuntu. Which is sad. Do you have any options on how to overcome this issue?

doct0rHu · December 18, 2020, 6:24pm

Have you heard of pyenv and virtualenv?

Siddharth_Naithani · December 18, 2020, 11:35pm

Roll back the complete distro to previous version :

sudo swupd verify -m <version number> --fix --force

After that :

sudo swupd repair

And try using mixer to manage your python updates. Python is volatile and any cutting edge distro like clear would have broken it anyways (fedora and void too). Ubuntu uses lts versioning of itself so it is stable but gets a fewer kernel or other “core” updates.

You can also see changelogs here before updating (34100 -> clear -> RELEASENOTES).

doct0rHu · December 18, 2020, 10:02pm

There is no need of rolling back OS for python.
You should use virtualenv and install multiple Python versions.

Maxim_Godzi · December 18, 2020, 11:35pm

Thank you for your reply. I based my topic on this answer: Is it possible to downgrade single packages? , probably it would be helpful if you can comment there as well.

Due to some other constraints, virtualenv was not a good choice for me.

This solution you had suggested worked great for me:
“Roll back the complete distro to previous version :
sudo swupd verify -m --fix --force
After that :
sudo swupd repair”

Thank you a lot!

doct0rHu · December 18, 2020, 11:11pm

No they’re not related.
That post is on how to rollback a OS update.

For Python specifically, you should always use a virtual environment.
Your workaround is not solution.

Businux · December 19, 2020, 12:38am

Don’t forget Conda.

Miniconda is a free minimal installer for conda. It is a small, bootstrap version of Anaconda that includes only conda, Python, the packages they depend on, and a small number of other useful packages, including pip, zlib and a few others. Use the conda install command to install 720+ additional conda packages from the Anaconda repository.

https://towardsdatascience.com/environment-management-with-conda-python-2-3-b9961a8a5097

fabriclogin · December 19, 2020, 2:20pm

With the recent cybersecurity hack, having rolling updates @ the OS layer will probably become a requirement. I’m happy to see that Clear Linux gas this feature baked-in. For production environments some stability is expected, but that friction can be unnatural for end users or developers. Security is important. The suggestions here are indeed helpful and you also may want to consider setting up a secondary environment to automate any tests after an autoupdate. Once your tests pass successfully you can destroy the sandbox assuming you’re using a virtual environment. Storage is cheap when compared to the work involved with a security breach.

inmanturbo · December 21, 2020, 9:02pm

Or pipenv ?? There are plenty of options. One of pythons biggest advantages is flexibility across environments. Rolling back an entire system over a python library seems well, strange.

pipenv allows you to actually define your environment as code! Example below:

[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]

[packages]
fastapi = "*"
jinja2 = "*"
aiofiles = "*"
uvicorn = "*"
sqlalchemy = "*"
mysql-connector-python = "*"

[requires]
python_version = "3.8"

[scripts]
start = "python run.py"