Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Hash Checking in setup.py install requires

Tags:

python

pip

setup.py

setuptools

distutils

According to pip documentation, it is possible to specify the hash of a requirement in the requirements.txt file. Is it possible to get the same by specifying the hash in the setup.py so that the hash is checked when someone simply does pip install <package>?. I'm specifying the requirements in the setup.py by passing the install_requires keyword argument to the setup function in the distutils package.

from distutils.core import setup
from setuptools import find_packages

setup(name='<package-name>',
      ...
      ...
      install_requires=['ecdsa==0.13', 'base58==0.2.5']

Maybe there is another way to achieve the same but i couldn't find any documentation.

like image 826
doze Avatar asked Oct 19 '17 17:10

doze

People also ask

How do I enable setup py?

To install a package that includes a setup.py file, open a command or terminal window and: cd into the root directory where setup.py is located. Enter: python setup.py install.

Do you need setup py and requirements txt?

The short answer is that requirements. txt is for listing package requirements only. setup.py on the other hand is more like an installation script. If you don't plan on installing the python code, typically you would only need requirements.

How do you update hashes?

Click Tools > Distribution > Distribution packages. From the shortcut menu for the package whose hash you want to update, click Reset package hash. This can take a few minutes on large packages.

1 Answers

Currently, I don't believe there is a simple way to specify a hash check within setup.py. My solution around it is to simply use virtualenv with hashed dependencies in requirements.txt. Once installed in the virtual environment you can run pip setup.py install and it will check the local environment (which is your virtual environment) and the packages installed is hashed.

Inside requirements.txt your hashed packages will look something like this:

requests==2.19.1 \
--hash=sha256:63b52e3c866428a224f97cab011de738c36aec0185aa91cfacd418b5d58911d1 \
--hash=sha256:ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a

Activate your virtualenv and install requirements.txt file:

pip install -r requirements.txt --require-hashes
like image 195
S.Lee Avatar answered Oct 25 '22 20:10

S.Lee
Sign in to Comment

Related questions

How to Retrieve Original Variables After Scikit Model Run w/OneHotEncoding
spaCy and scikit-learn vectorizer
simultaneously receive logs from Rabbitmq and run your flask app
Numpy integer division sometimes yields wrong results when casted
How to make a TLS request using a smartcard with python?
How to use .rolling() on each row of a Pandas dataframe?
Set the background color for a PNG with transparency
Is it really that difficult to return a scalar dot product in Keras (tf backend)?
Is there a way to reduce Scrapy's memory consumption?
How to put a Python script in the background without pythonw.exe?
Django authentication override not working
Share an evolving dict between processes
Querying Array data type in elasticsearch using python_dsl
Embedded python code in c++ - error when importing python libraries
ImportError: attempted relative import with no known parent package
How to handle with words which have space between characters?
Vectorizing the multivariate normal CDF (cumulative density function) in Python
How can I be sure I installed pip correctly on Mac OSX?
Is it possible to use a fixture in another fixture and both in a test?
sqlalchemy.exc.InvalidRequestError: Multiple classes found for path in the registry of this declarative base

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!