Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: ModuleNotFoundError: No module named 'mismatch' #4655

Closed
teatwig opened this issue Dec 28, 2024 · 5 comments · Fixed by #4669
Closed

fix: ModuleNotFoundError: No module named 'mismatch' #4655

teatwig opened this issue Dec 28, 2024 · 5 comments · Fixed by #4669
Labels
bug Something isn't working
Milestone

Comments

@teatwig
Copy link

teatwig commented Dec 28, 2024

Description

Currently an entrypoint is defined that creates a console script called mismatch.
This tries to call the module mismatch.cli but since it isn't installed it fails with an error.
https://github.com/intel/cve-bin-tool/blob/main/setup.py#L75

The docs explain how to run mismatch "manually" and this works for me: https://github.com/intel/cve-bin-tool/blob/main/doc/mismatch_data.md

Looking at the code it would make more sense to move mismatch.cli into cve_bin_tool (like with csv2cve) to avoid having to provide it as a separate package.

To reproduce

Steps to reproduce the behaviour:

  1. Install cve-bin-tool: pip install cve-bin-tool
  2. Execute the provided mismatch command: mismatch

Expected behaviour:

mismatch runs successfully as if calling python -m cve_bin_tool.mismatch_loader

Actual behaviour:

Traceback (most recent call last):
  File "/usr/local/bin/mismatch", line 5, in <module>
    from mismatch.cli import main
ModuleNotFoundError: No module named 'mismatch'

Version/platform info

Python 3.13.1 running in the official python docker image.

@teatwig teatwig added the bug Something isn't working label Dec 28, 2024
@terriko
Copy link
Contributor

terriko commented Dec 30, 2024

Thanks for letting us know! We'd intended to keep mismatch separate so it could be used and installed separately eventually, but looks like we missed a step about how the files are packaged.

Pinging @inosmeet in case he wants to take a look at it. But I'm guessing he's busy so if anyone else wants to take a stab at it, it should take some reading through setup.py to add the file and possibly some reading of the docs on https://packaging.python.org/

@terriko terriko added this to the 3.4.1 milestone Dec 30, 2024
@Prtm2110
Copy link
Contributor

Prtm2110 commented Jan 1, 2025

Hello, Is this issue already been fixed? Because I tried running mismatch on my editable version and it worked fine I believe

(cev311) xoein@xoeinXD:~/Desktop/CVE-PSF/cve-bin-tool$ mismatch
Mismatch database setup completed successfully.

So I tried normal pip version of cve-bin-tool and it gave module not found error as mentioned in the issue, why would be that so?

@terriko
Copy link
Contributor

terriko commented Jan 2, 2025

@Prtm2110 That's expected!

When you use an editable version you're usually installing from github and have 100% of the files.

When we build the package for pip, we only include a subset of files needed to run the software. That mostly means we don't install the tests and the testing files, which is especially important in our case because our testing files include a bunch of things that "look vulnerable" because they have the names of old components in them. And also it's approximately a thousand files that most people don't need or want unless they intend to do development.

The bug here is that we need to add the mismatch directory into package_data so that when the pip package is built it will include the mismatch files. It won't be fixed in pip until we fix setup.py and I build a new version of the package.

If you're thinking about fixing it, you can follow the instructions on https://packaging.python.org/ to build and test a package locally even though you can't upload to pypi yourself.

@Prtm2110
Copy link
Contributor

Prtm2110 commented Jan 3, 2025

When you use an editable version you're usually installing from github and have 100% of the files.

When we build the package for pip, we only include a subset of files needed to run the software. That mostly means we don't install the tests and the testing files, which is especially important in our case because our testing files include a bunch of things that "look vulnerable" because they have the names of old components in them. And also it's approximately a thousand files that most people don't need or want unless they intend to do development.

Thank you for such a detailed response!

The bug here is that we need to add the mismatch directory into package_data so that when the pip package is built it will include the mismatch files. It won't be fixed in pip until we fix setup.py and I build a new version of the package.

I wasn't quite aware of this, I have now added it to pakage_data and also added __init__ file in mismatch module - build it and it is working fine.

(base) xoein@xoeinXD:~/Desktop/CVE/cve-bin-tool$ mismatch
Mismatch database setup completed successfully.

@terriko
Copy link
Contributor

terriko commented Jan 8, 2025

This auto-closed when I merged the fix, but it won't actually be fixed in pypi until we release 3.4.1. I don't think that'll happen for at least a couple of weeks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants