hardlinking dependencies causes issues when trying to delete a `.venv` via python on Windows

[linde12]

Scenario

I have a script in a venv (EnvA) that:

• creates a new uv venv (EnvB)
• installs some packages to the new venv (EnvB)
• runs a script in that venv(EnvB)
• tries to delete EnvB via the EnvA script.

However the venv deletion fails on Windows since there are overlapping dependencies between the two environments (both depend on e.g. markupsafe which contains pyd files that are automatically loaded by python)

This is because UV uses hardlinks to the uv cache, so deleting that file fails since it is hardlinked to the file in uv cache and that file (.pyd) is automatically loaded by python.

Switching to using symlinks solves the issue, but i don't have control over how users will run this script. What is the decision behind using hardlinks by default on windows? I have little control over how the application runs uv (done by 3rd party library) so this is causing issues for my users. I guess i could patch the environment variable UV_LINK_MODE env var before invoking the 3rd party lib, but that feels like a hack and i'm not sure if it will work well.

Minimally reproducible example

1. Create a new venv: uv venv .venv
2. Install markupsafe into that venv: uv pip install markupsafe
3. Create a main.py with contents like so:

import subprocess
import shutil
import os

os.mkdir("testdir")
subprocess.run(["uv", "venv", ".venv"], cwd="./testdir")
subprocess.run(["uv", "pip", "install", "markupsafe"], cwd="./testdir")
shutil.rmtree("testdir")

4. Run main.py via python main.py
5. Notice that it will fail on Windows: PermissionError: [WinError 5] Access is denied: 'testdir\\.venv\\Lib\\site-packages\\markupsafe\\_speedups.cp310-win_amd64.pyd'
6. Try changing link mode (e.g. via environment variable) to symlink and see that it then works when running python main.py

I think it boils down to python automatically loading .pyd files in your venv and then uv hardlinking to the cache, and when the file is loaded/has open file descriptors windows will not allow us to delete the hardlink. This is not only an issue for only markupsafe, but all libraries that use .pyd files, this was just an example.

tl;dr

if you have a python script, with any dependency containing a .pyd file, and this script tries to delete a .venv containing a hardlink to the same .pyd file then Windows will throw you an "Access is denied" error.

Version

uv: 0.4.17

[linde12]

I guess i could patch the environment variable UV_LINK_MODE env var before invoking the 3rd party lib, but that feels like a hack and i'm not sure if it will work well.

symlink mode won't work either (unless developer mode or admin) but copy can be a workaround i guess :-/

[charliermarsh]

I appreciate the clear write-up but I'm not sure that this is a bug and I'm also not sure that there's anything for us to do here. I guess we could "always" copy .pyd files on Windows, even if hardlinks are enabled?

[zanieb]

It seems weird that you can't delete any hardlink when an fd is open? It seems like they should just stop you from deleting the last one.

[linde12]

I appreciate the clear write-up but I'm not sure that this is a bug and I'm also not sure that there's anything for us to do here. I guess we could "always" copy .pyd files on Windows, even if hardlinks are enabled?

Thanks. Yeah i'm not sure either, just wanted to bring it up. It's a foot-shotgun turned rabbit hole that i encountered.

Copying would solve the problem, at the cost of disk space and performance (?) I'm not sure if that's better in favor of being more compatible with how it works using pip/virtualenv, or if this can be considered an acceptable discrepancy? Maybe it's fine if it is documented somehow, but its also kind of very specific.

It seems weird that you can't delete any hardlink when an fd is open? It seems like they should just stop you from deleting the last one.

Right?! I was confused as well, i guess its windows-related 🤷

@charliermarsh @zanieb
Thanks for all your hard work by the way, uv is awesome!

[bluss]

Thanks @linde12, you explained some of the problems I've seen in windows CI. I'll test the link mode as a solution to them.. (edit: yes 🙂 )

[zanieb]

It sort of feels like we should just force copy of these files :/ I don't love it though

[kahojyun]

Unable to reproduce on my computer. I can delete the whole uv cache folder successfully with matplotlib window opened, and the File Locksmith utility from powertoys shows that lots of pyd files under matplotlib and numpy are in use.
This might be related to other factors like Windows version or Windows defender scanning the newly created venv.

[linde12]

@kahojyun mind running the example just to make sure? I was able to reproduce it on the two different windows 10 (i don't run windows myself and can't test on win11) machines, both when running mingw bash and regular powershell. One with python 3.8 and the other python 3.10 (just to make sure it wasn't python acting up).

I used strace (mingw) and could see that the .pyd was being loaded (regardless if i imported markupsafe or not) and as soon as that happened i could delete the entire .venv except the .pyd file.

Maybe also, to be extra sure, set the UV_LINK_MODE to hardlink explicitly? E.g. UV_LINK_MODE=hardlink strace python main.py

[kahojyun]

Tried with powershell 7 on win11:

~\uvtest
❯ rm env:UV_CACHE_DIR

~\uvtest
❯ $env:UV_LINK_MODE="hardlink"

~\uvtest
❯ $env:UV_PYTHON="3.8"

~\uvtest
❯ uv venv .venv
Using CPython 3.8.20
Creating virtual environment at: .venv
Activate with: .venv\Scripts\activate

~\uvtest
❯ uv pip install markupsafe
Resolved 1 package in 1.16s
Prepared 1 package in 90ms
Installed 1 package in 10ms
 + markupsafe==2.1.5

~\uvtest
❯ nvim main.py

~\uvtest via 🐍 v3.12.6 took 9s
❯ uv run main.py
Using CPython 3.8.20
Creating virtual environment at: .venv
Activate with: .venv\Scripts\activate
Audited 1 package in 1ms

~\uvtest via 🐍 v3.12.6
❯ .\.venv\Scripts\python.exe .\main.py
Using CPython 3.8.20
Creating virtual environment at: .venv
Activate with: .venv\Scripts\activate
Resolved 1 package in 7ms
Installed 1 package in 10ms
 + markupsafe==2.1.5

I don't have mingw and bash to try the exact command.

[linde12]

Interesting, maybe the .pyd in question isnt being loaded

[linde12]

Here is a repo with two actions. One running win-11 and one win-10. It uses the example, but now i also import and use markupsafe (because it worked fine when i did not import it apparently, not sure why i got different behaviors)

https://github.com/linde12/uv-py-hardlink-windows

[kahojyun]

Here is a repo with two actions. One running win-11 and one win-10. It uses the example, but now i also import and use markupsafe (because it worked fine when i did not import it apparently, not sure why i got different behaviors)

https://github.com/linde12/uv-py-hardlink-windows

I tried tweaking these workflows and found that running with pwsh instead of bash exited normally. Weird