According to pip documentation, it is possible to specify the hash of a requirement in the requirements.txt file. Is it possible to get the same by specifying the hash in the setup.py so that the hash is checked when someone simply does <code>pip install <package></code>?. I'm specifying the requirements in the setup.py by passing the <code>install_requires</code> keyword argument to the <code>setup</code> function in the distutils package. <pre class="prettyprint"><code>from distutils.core import setup from setuptools import find_packages setup(name='<package-name>', ... ... install_requires=['ecdsa==0.13', 'base58==0.2.5'] </code></pre> Maybe there is another way to achieve the same but i couldn't find any documentation.

Currently, I don't believe there is a simple way to specify a hash check within setup.py. My solution around it is to simply use virtualenv with hashed dependencies in requirements.txt. Once installed in the virtual environment you can run pip setup.py install and it will check the local environment (which is your virtual environment) and the packages installed is hashed. Inside requirements.txt your hashed packages will look something like this: <pre class="prettyprint"><code>requests==2.19.1 \ --hash=sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1 \ --hash=sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a </code></pre> Activate your virtualenv and install requirements.txt file: <pre class="prettyprint"><code>pip install -r requirements.txt --require-hashes </code></pre>

Hash Checking in setup.py install requires

Tags:

python

pip

setup.py

setuptools

distutils

According to pip documentation, it is possible to specify the hash of a requirement in the requirements.txt file. Is it possible to get the same by specifying the hash in the setup.py so that the hash is checked when someone simply does pip install <package>?. I'm specifying the requirements in the setup.py by passing the install_requires keyword argument to the setup function in the distutils package.

from distutils.core import setup
from setuptools import find_packages

setup(name='<package-name>',
      ...
      ...
      install_requires=['ecdsa==0.13', 'base58==0.2.5']

Maybe there is another way to achieve the same but i couldn't find any documentation.

826

asked Oct 19 '17 17:10

doze

1 Answers

Currently, I don't believe there is a simple way to specify a hash check within setup.py. My solution around it is to simply use virtualenv with hashed dependencies in requirements.txt. Once installed in the virtual environment you can run pip setup.py install and it will check the local environment (which is your virtual environment) and the packages installed is hashed.

Inside requirements.txt your hashed packages will look something like this:

requests==2.19.1 \
--hash=sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1 \
--hash=sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a

Activate your virtualenv and install requirements.txt file:

pip install -r requirements.txt --require-hashes

195

answered Oct 25 '22 20:10

S.Lee

Related questions
                            
                                How to Retrieve Original Variables After Scikit Model Run w/OneHotEncoding
                            
                                spaCy and scikit-learn vectorizer
                            
                                simultaneously receive logs from Rabbitmq and run your flask app
                            
                                Numpy integer division sometimes yields wrong results when casted
                            
                                How to make a TLS request using a smartcard with python?
                            
                                How to use .rolling() on each row of a Pandas dataframe?
                            
                                Set the background color for a PNG with transparency
                            
                                Is it really that difficult to return a scalar dot product in Keras (tf backend)?
                            
                                Is there a way to reduce Scrapy's memory consumption?
                            
                                How to put a Python script in the background without pythonw.exe?
                            
                                Django authentication override not working
                            
                                Share an evolving dict between processes
                            
                                Querying Array data type in elasticsearch using python_dsl
                            
                                Embedded python code in c++ - error when importing python libraries
                            
                                ImportError: attempted relative import with no known parent package
                            
                                How to handle with words which have space between characters?
                            
                                Vectorizing the multivariate normal CDF (cumulative density function) in Python
                            
                                How can I be sure I installed pip correctly on Mac OSX?
                            
                                Is it possible to use a fixture in another fixture and both in a test?
                            
                                sqlalchemy.exc.InvalidRequestError: Multiple classes found for path in the registry of this declarative base

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With