Installing via `setup.py develop` fails - pip works

Question

My python package footools needs html5lib via install_requires in setup.py.

setup.py develop fails

Installing via setup.py develop fails:

cd src/footools/
python setup.py develop

Processing dependencies for footools==2016.205
Searching for html5lib==0.9999999
Reading https://source.example.com/pypi/simple/html5lib/
Download error on https://source.example.com/pypi/simple/html5lib/: 
   [Errno 185090050] _ssl.c:354: error:0B084002:x509 
   certificate routines:X509_load_cert_crl_file:system lib -- 
   Some packages may not be found!
Couldn't find index page for 'html5lib' (maybe misspelled?)

pip works

But direct download works:

bar@workdevel123:~/src/footools> pip install html5lib==0.9999999
/home/bar/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:79: 
InsecurePlatformWarning: A true SSLContext object is not available. 
This prevents urllib3 from configuring SSL appropriately
and may cause certain SSL connections to fail. 
For more information, see 
https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Collecting html5lib==0.9999999
/home/bar/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:79: 
    InsecurePlatformWarning: A true SSLContext object is not available. 
    This prevents urllib3 from configuring SSL appropriately and
    may cause certain SSL connections to fail. 
    For more information,
    see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading https://source.example.com/pypi/packages/html5lib-0.9999999.tar.gz
Requirement already satisfied (use --upgrade to upgrade):
six in /usr/lib/python2.7/site-packages (from html5lib==0.9999999)
Installing collected packages: html5lib
  Running setup.py install for html5lib
Successfully installed html5lib-0.9999999

Questions

What is the difference between these two methods?

Why are they different?

What is the correct way to install a dependency in python?

setup.py

The setup.py is not special:

import setuptools

setuptools.setup(
    name='foo',
    version='2016.210',
    long_description=open('README.txt').read(),
    packages=setuptools.find_packages(),
    install_requires=[
        # about twenty packages before this line
        'html5lib==0.9999999'
],
    include_package_data=True,
    entry_points={
        'console_scripts': [
            'foo=foo.utils.bar:main',
        ],
    },
)

Answer 1

python setup.py develop, or setuptools in general uses easy_install to satisfy dependencies which in turn uses urllib2 whereas pip uses requests. See here for easy_install vs pip.
pip is more modern and among other things has capability to uninstall packages and complies with PEP 438 -- Transitioning to release-file hosting on PyPI. You can achieve the same thing as python setup.py develop with pip install -e src/footools/, note if the project path is in the current directory use, ./footools.

The requests package bundles CA certs in the package itself, python -c 'import pip;print(pip.download.requests.certs.where())'.

setuptools uses system installed CA certs python -c 'from setuptools import ssl_support;print(ssl_support.cert_paths)'.

You have to update system installed CA certs using tools like update-ca-certificates for Ubuntu to either update CA certs automatically or download from https://curl.haxx.se/docs/caextract.html and install into one of the paths shown by setuptools or set setuptools.ssl_support.cert_paths to an empty sequence like [] and do pip install certifi.
Calling setuptools.ssl_support.find_ca_bundle() will reveal the location of CA certs.

Answer 2

What is the difference between these two methods?

Nothing terribly important to you as a user, aside from their different user interfaces. They are two stops on the scenic historical train ride of Python package management. There were others along the way.

Why are they different?

Back in the day, Python didn't ship with a package management system. Third party solutions filled the void. They were designed by different people at different moments in time. If you look at other programming languages, you sometimes see similar stories; sometimes you see happier stories; sometimes more tragic.

What is the correct way to install a dependency in python?

Both of these methods are technically correct. Pip is the more modern method, and in my experience it is both more popular and handier to work with. As of Python 3.4 and up, Pip has been included in the CPython distribution and is officially 'preferred'. So you can see which way the wind is blowing.

Answer 3

setuptools is a collection of enhancements to the Python distutils (for Python 2.6 and up) that allow developers to more easily build and distribute Python packages, especially ones that have dependencies on other packages.

So, among other stuff, you can create packages that can be upload to Pypi, and later installed using pip (therefore distibuting your module).

That said, they actually should not be that different in the installation part. You are running the develop mode, so maybe you have to fiddle a bit with the directories or fix the authorization error.

In the Development Mode the project is deployed into a staging area (in some way similar to the process of a virtual environment)

deployment is done in such a way that changes to the project source are immediately available in the staging area(s), without needing to run a build or install step after each change.

Meaning also everything will be available for that python interpreter. It can be later unstaged.

I noticed that html5lib is being fetched from different places: /pypi/simple/in one case and /pypi/packages/ in the other.

dependency_links A list of strings naming URLs to be searched when satisfying dependencies. These links will be used if needed to install packages specified by setup_requires or tests_require.

Back to the problem I think it is most probably the ssl issue, since in pip it handled graciously (i.e., nice warning and there is some kind of workaround), but the same does not happen with setuptools. If there is an error in the request that is not handled then Couldn't find index page for 'html5lib' could be because of that.