Trying to learn some Python and use some of the nice and shiny libraries available for it.
Problem: Need to use MySQL to store some data. Have to figure out how to connect and use the MySQL DB from Python3.
Several places suggest using a Python package called MySQLdb. Seems fine but does not support Python3 at this time. Installation seems a bit of a pain as well with downloading this and that from different places on different platforms. Also, if there is an “official” version/package I would prefer that. Turns out is an “official” package called MySQL Connector from Oracle. Trying to use that.
Problem again: The “official” site (http://dev.mysql.com/downloads/connector/python/ at this time) hosts some “installer” files to download. So I download one and run the installer. Nothing seems to happen as my Python3 install still does not recognize the package. Why not just “pip3 install xyz”? Such lovely simple thing for me..
So, it appears there is something that can actually be installed with pip. On the internetz I finally find some references to a command as “pip install mysql-connector-python –allow-external mysql-connector-python”. But what does this mean? Well I change pip to pip3 to get Python3 and the “pip3 install mysql-connector-python” seems obvious. The install command with a package name matching the official package. But what is “–allow-external” and why is mysql-connector-python repeated twice?
Some of this info I found in the docs, others on stackoverflow, some is my guessing. So here goes, hoping for corrections where relevant.
The “pip” or “pip3” commands download and install stuff from the Python package index a.k.a. “pypi” (located at https://pypi.python.org/pypi/). The “install” command for “pip” then looks for the given package name in the “pypi” repository and installs one if found. However, only some of the actual install files are located in the “pypi” repository. Some files are just references to an external site. So the flag “–allow-external” tells the “pip” command to also install a package even if it is not in “pypi”. In this case, “pypi” only contains the reference to the package. For security purposes this should still be fine as the “pypi” entry still should contain the checksum of the external file so no malicious stuff should be downloaded with any higher probability than getting one from “pypi”.
And how does it work to find something on “pypi”? There is a search functionality for packages at the “pypi” repository pages. If we type “mysql” in there, we get a hit in the top 10 which has a name “mysql-connector-python 2.0.3”. Looks interesting for this case. If we click on the link, we get an info page. This has information such as author etc that can help (Oracle in this case) to figure out if it is what we are looking for. At the bottom of the page there is a “DOAP record” link. This gives us an XML file which in this case shows the name as “mysql-connector-python”. So this is where I guess the match is made for the “install” command. Then there is a version number for upgrades. Finally, there is a download link with an MD5 checksum embedded in the end. So guessing again, this is where the “–allow-external” goes to download the installed external files and the MD5 checksum is what it uses to check the file is valid.
Whooppee, did we learn something useful? Hope so..
Random experiments in software engineering 