From 0b1d2e90dde81e9d44feb3c9ca004e3c9c93d2fa Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 18:45:57 +0000 Subject: [PATCH 1/9] Pin the version of virtualenv used by tox on Travis To fix the test failures due to backwards incompatible changes present in virtualenv 14.0.0 (due to the newer pip it bundles). --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9d206f5..2fdfd06 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ sudo: false language: python install: # Stick to a known-good version of tox, just in case: - - pip install tox==1.9.2 flake8==2.4.0 + - pip install tox==1.9.2 virtualenv==13.1.2 flake8==2.4.0 script: # Run linter and then the test suite. 3.1 is missing on Travis. - flake8 --show-source && tox --skip-missing-interpreters From fe3f3591e11b84368614e4183a862ff3b04e0c93 Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 20:03:42 +0000 Subject: [PATCH 2/9] Improve wrapping of tox.ini envlist --- tox.ini | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 0c067e7..c0a8f31 100644 --- a/tox.ini +++ b/tox.ini @@ -6,7 +6,10 @@ max-line-length = 140 # Test pip 1.0 through 1.5.6 with Python 3.1 except pip 1.4-1.5.5 since they're # incompatible with py31 (https://github.com/pypa/pip/issues/1105). # Test pip >= 1.0 with Python 2.6, 2.7, 3.2, 3.3, and 3.4. -envlist = py{26,27}-pip{062,063,070,071,072,080,081,082,083}, py31-pip{100,101,102,110,120,121,130,131,156}, py{26,27,32,33,34}-pip{100,101,102,110,120,121,130,131,140,141,150,151,152,153,154,155,156,600,601,602,603,604,605,606,607,608,610,611,700,701,702,703,710,711,712} +envlist = + py{26,27}-pip{062,063,070,071,072,080,081,082,083}, + py31-pip{100,101,102,110,120,121,130,131,156}, + py{26,27,32,33,34}-pip{100,101,102,110,120,121,130,131,140,141,150,151,152,153,154,155,156,600,601,602,603,604,605,606,607,608,610,611,700,701,702,703,710,711,712} [testenv] commands = nosetests From 4c4033e04634a92183bdd2a65e3ec6ec034070bc Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 22:02:16 +0000 Subject: [PATCH 3/9] Remove deprecated pip --download-cache option from tox install_command Since it's been removed from recent pip and causes a bunch of log spew. --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index c0a8f31..56c74dc 100644 --- a/tox.ini +++ b/tox.ini @@ -15,7 +15,7 @@ envlist = commands = nosetests # Leave out "--pre" option that doesn't exist in old pips: -install_command = pip install {opts} --download-cache=~/.pip/download {packages} +install_command = pip install {opts} {packages} deps = nose From 99e998b6dfd678db06d56245f6b5f5474088931a Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 22:01:17 +0000 Subject: [PATCH 4/9] Speed up the Travis run by caching the pip cache directory The Travis run was timing out occasionally whilst downloading packages from PyPI. This enables Travis caching to hopefully avoid this (once we get at least one green job that saves the populated pip cache): https://docs.travis-ci.com/user/caching/#pip-cache --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 2fdfd06..e32097a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,8 @@ sudo: false language: python +cache: + directories: + - $HOME/.cache/pip install: # Stick to a known-good version of tox, just in case: - pip install tox==1.9.2 virtualenv==13.1.2 flake8==2.4.0 From 6d765cb695adf663b6ed29016bae550e3b4eac8f Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 20:08:57 +0000 Subject: [PATCH 5/9] Drop support for Python 3.1/3.2 Since they are no longer maintained, and pip has also dropped support. People using them can continue using peep v2.5.0 instead. --- README.rst | 3 +++ setup.py | 2 -- tox.ini | 7 ++----- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index 66b19fe..f1d76d5 100644 --- a/README.rst +++ b/README.rst @@ -248,6 +248,9 @@ If you're using pip 1.5, pass the ``--no-use-wheel`` argument. Version History =============== +Unreleased + * Drop support for Python 3.1/3.2. + 2.5 * Support pip 7.x, through the currently latest 7.1.2, working around its buggy line counting. (kouk) diff --git a/setup.py b/setup.py index 526a8f7..f38f94b 100644 --- a/setup.py +++ b/setup.py @@ -37,8 +37,6 @@ 'Programming Language :: Python :: 2.6', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.1', - 'Programming Language :: Python :: 3.2', 'Programming Language :: Python :: 3.3', 'Programming Language :: Python :: 3.4', 'Topic :: Software Development :: Build Tools', diff --git a/tox.ini b/tox.ini index 56c74dc..662a4cc 100644 --- a/tox.ini +++ b/tox.ini @@ -3,13 +3,10 @@ max-line-length = 140 [tox] # Test all pip versions >= 0.6.2 against Python 2.x. -# Test pip 1.0 through 1.5.6 with Python 3.1 except pip 1.4-1.5.5 since they're -# incompatible with py31 (https://github.com/pypa/pip/issues/1105). -# Test pip >= 1.0 with Python 2.6, 2.7, 3.2, 3.3, and 3.4. +# Test pip >= 1.0 with Python 2.6, 2.7, 3.3, and 3.4. envlist = py{26,27}-pip{062,063,070,071,072,080,081,082,083}, - py31-pip{100,101,102,110,120,121,130,131,156}, - py{26,27,32,33,34}-pip{100,101,102,110,120,121,130,131,140,141,150,151,152,153,154,155,156,600,601,602,603,604,605,606,607,608,610,611,700,701,702,703,710,711,712} + py{26,27,33,34}-pip{100,101,102,110,120,121,130,131,140,141,150,151,152,153,154,155,156,600,601,602,603,604,605,606,607,608,610,611,700,701,702,703,710,711,712} [testenv] commands = nosetests From fade4d62ca169fb899dfd27167d1547518c94a86 Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 17:53:14 +0000 Subject: [PATCH 6/9] Add support for pip 8.x Pip 8 has deprecated the `--allow-external`, `--allow-unverified` and `--allow-all-external` options, since they they now a no-op after changes to PyPI, even with older versions of pip: https://github.com/pypa/pip/pull/3070#issuecomment-137464224 Removing handling for these in peep does not affect older versions of pip, but avoids an exception for each removed option with pip v8: TypeError: __init__() got an unexpected keyword argument 'allow_unverified' Fixes #112. --- README.rst | 3 +++ peep.py | 8 +++++--- tox.ini | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index f1d76d5..2e7e78f 100644 --- a/README.rst +++ b/README.rst @@ -249,6 +249,9 @@ Version History =============== Unreleased + * Add support for pip 8.x. + * Drop support for the ``--allow-external``, ``--allow-unverified`` and + ``--allow-all-external`` arguments (for compatibility with pip v8). * Drop support for Python 3.1/3.2. 2.5 diff --git a/peep.py b/peep.py index 6b9393a..9107243 100755 --- a/peep.py +++ b/peep.py @@ -362,9 +362,11 @@ def package_finder(argv): # Carry over PackageFinder kwargs that have [about] the same names as # options attr names: possible_options = [ - 'find_links', FORMAT_CONTROL_ARG, 'allow_external', 'allow_unverified', - 'allow_all_external', ('allow_all_prereleases', 'pre'), - 'process_dependency_links'] + 'find_links', + FORMAT_CONTROL_ARG, + ('allow_all_prereleases', 'pre'), + 'process_dependency_links' + ] kwargs = {} for option in possible_options: kw, attr = option if isinstance(option, tuple) else (option, option) diff --git a/tox.ini b/tox.ini index 662a4cc..ca87b60 100644 --- a/tox.ini +++ b/tox.ini @@ -6,7 +6,7 @@ max-line-length = 140 # Test pip >= 1.0 with Python 2.6, 2.7, 3.3, and 3.4. envlist = py{26,27}-pip{062,063,070,071,072,080,081,082,083}, - py{26,27,33,34}-pip{100,101,102,110,120,121,130,131,140,141,150,151,152,153,154,155,156,600,601,602,603,604,605,606,607,608,610,611,700,701,702,703,710,711,712} + py{26,27,33,34}-pip{100,101,102,110,120,121,130,131,140,141,150,151,152,153,154,155,156,600,601,602,603,604,605,606,607,608,610,611,700,701,702,703,710,711,712,800} [testenv] commands = nosetests @@ -60,3 +60,4 @@ deps = pip710: pip==7.1.0 pip711: pip==7.1.1 pip712: pip==7.1.2 + pip800: pip==8.0.0 From 71081969df8d89c53eff48f97cac868257b50f63 Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Wed, 20 Jan 2016 17:54:42 +0000 Subject: [PATCH 7/9] Bump version to 3.0.0 --- README.rst | 2 +- peep.py | 2 +- setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 2e7e78f..c4ecb3b 100644 --- a/README.rst +++ b/README.rst @@ -248,7 +248,7 @@ If you're using pip 1.5, pass the ``--no-use-wheel`` argument. Version History =============== -Unreleased +3.0.0 * Add support for pip 8.x. * Drop support for the ``--allow-external``, ``--allow-unverified`` and ``--allow-all-external`` arguments (for compatibility with pip v8). diff --git a/peep.py b/peep.py index 9107243..c4e51f4 100755 --- a/peep.py +++ b/peep.py @@ -104,7 +104,7 @@ def iter(self, ret, *args, **kwargs): DownloadProgressBar = DownloadProgressSpinner = NullProgressBar -__version__ = 2, 5, 0 +__version__ = 3, 0, 0 try: from pip.index import FormatControl # noqa diff --git a/setup.py b/setup.py index f38f94b..9a19daf 100644 --- a/setup.py +++ b/setup.py @@ -12,7 +12,7 @@ setup( name='peep', - version='2.5.0', + version='3.0.0', description='A "pip install" that is cryptographically guaranteed repeatable', long_description=open('README.rst').read(), author='Erik Rose', From ca63b6b252a4f723aa64356eebdbfeb9a9b887b5 Mon Sep 17 00:00:00 2001 From: Erik Rose Date: Wed, 20 Jan 2016 22:59:40 -0500 Subject: [PATCH 8/9] Call it 3.0, not 3.0.0, for consistency with older versions. --- README.rst | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index c4ecb3b..65ec85b 100644 --- a/README.rst +++ b/README.rst @@ -248,7 +248,7 @@ If you're using pip 1.5, pass the ``--no-use-wheel`` argument. Version History =============== -3.0.0 +3.0 * Add support for pip 8.x. * Drop support for the ``--allow-external``, ``--allow-unverified`` and ``--allow-all-external`` arguments (for compatibility with pip v8). diff --git a/setup.py b/setup.py index 9a19daf..8029698 100644 --- a/setup.py +++ b/setup.py @@ -12,7 +12,7 @@ setup( name='peep', - version='3.0.0', + version='3.0', description='A "pip install" that is cryptographically guaranteed repeatable', long_description=open('README.rst').read(), author='Erik Rose', From 409748709a054571cedec71245b84c7de4d235a1 Mon Sep 17 00:00:00 2001 From: Erik Rose Date: Wed, 20 Jan 2016 23:50:14 -0500 Subject: [PATCH 9/9] Add instructions on how to upgrade to pip 8. (And refer to it in a standard way.) --- README.rst | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/README.rst b/README.rst index 65ec85b..cf270e5 100644 --- a/README.rst +++ b/README.rst @@ -3,11 +3,23 @@ .. note:: - Peep will soon be deprecated in favor of the `hash-checking functionality - built into pip 8 - `_. - Once you've upgraded your infrastructure to pip 8, due out early 2016, - switch the format of your hashes using ``peep port``, described below. + Peep is deprecated, as we have `merged its functionality into pip 8 + `_. This brings myriad improvements, including support for caching, + detection of omitted dependencies, and better handling of errors and corner + cases. To switch to pip 8's hash-checking without hitting any race + conditions... + + 1. Upgrade to peep 3.0 (which exists mainly as a stopgap to support + race-free upgrades like this). + 2. Upgrade to pip 8. + 3. Atomically, switch the format of your requirements files using ``peep + port`` (described below), and start calling pip instead of peep. + 4. Delete peep from your project. + + Thank you for using peep! Your early support helped establish hash + verification as a feature worth uplifting, and now the package ecosystem is + safer for everyone. ==== Peep @@ -251,7 +263,7 @@ Version History 3.0 * Add support for pip 8.x. * Drop support for the ``--allow-external``, ``--allow-unverified`` and - ``--allow-all-external`` arguments (for compatibility with pip v8). + ``--allow-all-external`` arguments (for compatibility with pip 8). * Drop support for Python 3.1/3.2. 2.5