[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [bridgedb/develop] Check envvar before using easy_install to install setup.py requires.
commit d035fe64d85b12e6dbc5ebb23093e876f83b6d0a
Author: Isis Lovecruft <isis@xxxxxxxxxxxxxx>
Date: Mon Mar 23 03:00:26 2015 +0000
Check envvar before using easy_install to install setup.py requires.
If there is an environment variable BRIDGEDB_INSTALL_DEPENDENCIES=0,
then the setup.py script will not use easy_install to install
dependencies. The default when using `make install` is to avoid using
easy_install; the default when calling `python setup.py install` is to
use easy_install.
Until now, on BridgeDB's production server, `echo > requirements.txt`
was run to avoid allowing easy_install to search for dependencies. This
removes the need to do that. We shouldn't be erasing the
requirements.txt file anymore, because it is kept under revision control
and versioneer (which uses `git describe --tags --dirty --always` to
dynamically determine the BridgeDB package version at install time) will
add '-dirty' to the end of the version number if we change anything in
the repo. Adding '-dirty' to the package version causes it to be
invalid according to PEP440, causing other random failures such as the
inability to discover scripts and packaged data which pkg_resources.
---
Makefile | 4 ++--
setup.py | 13 ++++++++++++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 8b6358b..c6c0442 100644
--- a/Makefile
+++ b/Makefile
@@ -22,11 +22,11 @@ pyflakes:
install:
-python setup.py compile_catalog
- python setup.py install --record installed-files.txt
+ BRIDGEDB_INSTALL_DEPENDENCIES=0 python setup.py install --record installed-files.txt
force-install:
-python setup.py compile_catalog
- python setup.py install --force --record installed-files.txt
+ BRIDGEDB_INSTALL_DEPENDENCIES=0 python setup.py install --force --record installed-files.txt
uninstall:
touch installed-files.txt
diff --git a/setup.py b/setup.py
index 5e5de39..9402071 100644
--- a/setup.py
+++ b/setup.py
@@ -264,8 +264,19 @@ class runTests(setuptools.Command):
sys.path = old_path
+# If there is an environment variable BRIDGEDB_INSTALL_DEPENDENCIES=0, it will
+# disable checking for, fetching, and installing BridgeDB's dependencies with
+# easy_install.
+#
+# Setting BRIDGEDB_INSTALL_DEPENDENCIES=0 is *highly* recommended, because
+# easy_install is a security nightmare. Automatically installing dependencies
+# is enabled by default, however, because this is how all Python packages are
+# supposed to work.
+if bool(int(os.environ.get("BRIDGEDB_INSTALL_DEPENDENCIES", 1))):
+ requires, deplinks = get_requirements()
+else:
+ requires, deplinks = [], []
-requires, deplinks = get_requirements()
setuptools.setup(
name='bridgedb',
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits