Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wheel blacklisting #14

Open
leorochael opened this issue May 3, 2017 · 1 comment · May be fixed by #16
Open

Wheel blacklisting #14

leorochael opened this issue May 3, 2017 · 1 comment · May be fixed by #16
Labels
enhancement

Comments

@leorochael
Copy link
Contributor

Some malformed wheels can be installed with pip directly but not with wheel.

Also some people might prefer to only trust wheels from their own wheelhouses instead of directly from pip (say, they use a different compiler, or don't trust binaries coming from PyPI, only sources).

It would be nice if we could blacklist certain wheels or even whole hosts.

Considering we're monkey-patching distros_for_location, this should be easy to implement.
@mrichar1 mrichar1 mentioned this issue Nov 19, 2017
Closed
@leorochael
Copy link
Contributor Author

After experimenting with this feature in a branch, I've come to the conclusion that there is nothing wheel specific about it, and it could just as well live in another extension, where it could be used to generically blacklist specific dists (including eggs or sdists).

I've thought about the following design:

Instead of a wheel-blacklist setting on [buildout], we could have a distribution-blacklist-section that contained the name of a buildout section. This section would then contain project names as keys, and fnmatch.filter() style patterns as values. Something like:

[buildout]
extensions =
    buildout.distblacklist
    buildout.wheel
distribution-blacklist-section = distblacklist
(...)

[distblacklist]
ptyprocess = */ptyprocess-0.5.1-py2.py3-none-any.whl
zc.recipe.egg = *.whl

The nice thing about this syntax is that it allows blacklisting specific dist formats in specific hosts for specific projects only (or even for specific architectures), like:

[distblacklist]
numpy = https://pypi.python.org/*/numpy-*-cp27-cp27m-manylinux1_x86_64.whl

We can get equivalent functionality by having a single setting contain all blacklist patterns instead of having different patterns for different project names, since the distribution names are necessarily embedded in the location URL, but allowing for different patterns for each project name allows to easily block certain formats of distribution only for certain projects.

@mrichar1 mrichar1 linked a pull request Nov 20, 2017 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add whitelist and blacklist support. mrichar1/buildout.wheel
1 participant
@leorochael