Hi,
I ran into my variation of NixOS/nixpkgs#284753: “Clash between awscli2 and ansible”:
$ nix-shell -p borgmatic awscli2 --run 'aws --version'
Traceback (most recent call last):
bla bla bla
ImportError: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/nix/store/0hh6mhg6giww0h1hccdhv1r07ks25x0k-python3.11-urllib3-2.0.7/lib/python3.11/site-packages/urllib3/util/ssl_.py)
The short version is that both borgmatic and awscli2 need the python lib urllib3. And so with this particular incantation, aws gets the new version that borgmatic needs, not the old version aws needs. Reverse the order (nix-shell -p awscli2 borgmatic) and aws starts working, but presumably borgmatic gets broken in subtle ways.
This sounds like it is much bigger than a bug against awscli2.
I would have hoped that nix-shell would somehow wrap the two applications so that they each get exactly the dependencies in the correct versions that they each need.
But no.
Instead, nix-shell sets PYTHONPATH to include an entry for all the dependencies for both borgmatic and awscli2. And so depending on which gets mentioned first, aws (from awscli2) either gets the correct or wrong version of urllib3.
I tried a couple of python applications: ansible, borgmatic, thefuck, and for all of them, PYTHONPATH gets set with paths to their dependencies when run with nix-shell.
There is no way that is going to work reliably unless you can only run a single application with nix-shell and can’t nest them.
Are python applications somehow fundamentally broken on NixOS?
EDIT: A counterargument to this is that this does work:
$ nix-shell -p borgmatic awscli2 --run 'PYTHONPATH= aws --version'
aws-cli/2.13.33 Python/3.11.8 Linux/6.1.87 source/x86_64.nixos.23 prompt/off
So for some reason nix-shell sets PYTHONPATH even though neither borgmatic nor aws needs it. Why?
I thought this form of dependency-hell was exactly the problem NixOS set out to solve. What am I missing?
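
Added example, not part of the original post: a check that lists every distribution present in more than one version across a set of PYTHONPATH entries, which is the condition described in the post. The helper names (find_shadowed, make_constructed_site, demo) are hypothetical, and the 1.0.0 version is constructed sample data; only 2.0.7 comes from the traceback above.

```python
import importlib.metadata as md
import os
import tempfile
from pathlib import Path


def find_shadowed(entries):
    """Return {dist_name: [(version, entry), ...]} for every distribution that
    appears with more than one version across the given path entries.
    Tuples keep path order, so the first one is what import resolution reaches first."""
    seen = {}
    for entry in entries:
        if not entry:
            continue  # skip empty PYTHONPATH components
        for dist in md.distributions(path=[entry]):
            name = (dist.metadata["Name"] or "").lower()
            if name:
                seen.setdefault(name, []).append((dist.version, entry))
    return {n: hits for n, hits in seen.items()
            if len({v for v, _ in hits}) > 1}


def make_constructed_site(root, name, version):
    """Create a minimal site-packages dir with one dist-info record (sample data)."""
    site = Path(root) / f"{name}-{version}" / "site-packages"
    info = site / f"{name}-{version}.dist-info"
    info.mkdir(parents=True)
    (info / "METADATA").write_text(
        f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")
    return str(site)


def demo():
    """Scan the same two constructed entries in both orders, like swapping -p arguments."""
    with tempfile.TemporaryDirectory() as root:
        new = make_constructed_site(root, "urllib3", "2.0.7")  # version from the post
        old = make_constructed_site(root, "urllib3", "1.0.0")  # constructed version
        return find_shadowed([new, old]), find_shadowed([old, new])


if __name__ == "__main__":
    # Inside nix-shell this inspects the real PYTHONPATH; otherwise it runs the demo.
    env = os.environ.get("PYTHONPATH", "")
    report = find_shadowed(env.split(os.pathsep)) if env else demo()[0]
    for name, hits in report.items():
        print(name, "->", [version for version, _ in hits])
```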